This blog was created to have my own place online to post the security releated articles. I am security engineer - currently working as application security penetration tester. Security certs in my pocket: OSEP, OSWE, OSCP

If you would like to write me a private message here is my PGP public key.

Slides from public presentations

Publicly disclosed security issues

  • CVE-2020-11011 - RCE on Phproject via Unrestricted File Upload
  • CVE-2021-29448 - Stored DOM XSS in PiHole Web Admin Interface
  • CVE-2021-30133 - Reflected XSS to RCE in CloverDX Server Simple HTTP API
  • CVE-2021-29995 - CSRF to RCE in CloverDX Server
  • CVE-2021-32791 - Hardcoded static IV and AAD with a reused key in AES GCM encryption in Apache mod_auth_openidc