Menu

Home

got 0day?

This blog will cover my progress on various topics of my security research. I hope this blog will encourage you to do your own research and share it with the world for a better tomorrow.

Oracle OAM 10g Session Hijacking

Table of contents Intro Oracle OAM Authentication flow Hijacking the session Global Exposure Proof-of-Concept Webserver Script Proof-of-Concept Video Mitigation CVSS rating Intro TL;DR Badly configured »

VIDEO: Hack In Paris 2016: From zero to SYSTEM on FDE Windows System

This is the presentation video from the HIP 16 presentation Tom and I did earlier this summer. I hope you enjoy it! »

Abusing Kerberos to NTLM fallback to defeat BitLocker FDE

Intro This vulnerability is related to the initial vulnerbility which I and my collegue Tom found back in February, namely the Microsoft Security Bulletin MS16-014. More »

SLIDES: From zero to SYSTEM of full disk encrypted Windows system (Hack In Paris 2016)

Intro On the 30th of June, Tom and I gave a presentation at Hack In Paris about the vulnerabilities we discovered and which could be abused »

From zero to SYSTEM on full disk encrypted Windows system (Part 2)

Intro This blog post is a continuation of my previous post which can be found here. The reason I devided is because two seperate vulnerabilities come »