TP-Link Deco M5 Hardware Hacking

As part of a graduate reverse engineering course at university, my group was tasked with auditing the security of TP-Link's mesh wireless offering, the Deco M5. One of the chosen avenues was to attempt gaining root shell access by interfacing with an exposed debug interface on the device. This post …

The Magic of SSH Tunneling and ProxyJump

There are many cases where a system administrator or user needs to access a resource or system that resides on a remote LAN, often behind a firewall such that the service cannot be accessed directly from the internet. The usual solution to this scenario is to set up a VPN …

Backdooring Installation ISOs

Recently, for purely academic reasons, I had a need to create a script that would allow me to easily backdoor installation ISOs, the kind of ISOs you would find for UNIX/Linux-based distributions. I wanted something that could arbitrarily install any backdoor and evade detection, which is already easy enough …

Cerberus XSS

I recently found another XSS vulnerability while experimenting with a service that I have previously used. Cerberus is an anti-theft solution for Android, and provides many more features compared to the standard Android Device Manager. Once the Cerberus application is installed and configured on your Android device, you can access …

PacketFence XSS

My apologies for no pictures. I love pictures, but this was a long time ago and I currently don't have any.

You know you're doomed when you can't just use software without looking for security vulnerabilities. Looking for XSS vulnerabilities isn't usually too exciting, so I definitely enjoy the opportunity …