Home
Perlite – Access Control via Authentik
This question has been asked several times by various users: „Can we get an authentication mechanism for Perlite?“ For those who don’t know what Perlite is: it’s a web app that lets you easily host your Markdown/Obsidian files on the internet yourself. For more information, see the Github repository. Perlite. authentik is a self-hosted, open
Continue Reading „Perlite – Access Control via Authentik“
StrelaStealer 2026 – Malware Analysis
Malware Analysis of a IMAP Credential Stealer This is a blog post about malware designed to steal information, which is distributed via phishing emails and connects to a C2 server in several steps, steals IMAP login credentials, and embeds itself permanently in the system. Usually, the server behind the URL is already offline by the
Continue Reading „StrelaStealer 2026 – Malware Analysis“
Il2Cpp Injection and Hooking via Scaffolding
A Il2cpp scaffold is a ready to use (and to inject) DLL, which give us access to every type definition, object and method from the game and also provides a il2cpp helper API. As I was playing around with some game manipulations for the Game A Tainted Grail – The Fall of Avalon I got
Continue Reading „Il2Cpp Injection and Hooking via Scaffolding“
Tainted Grail – FoA – Unlock The Hidden Secrets
The journey of recovering my lost arm. Background Back in the bad weather season, I was looking for a single player game that I could enjoy alongside my usual daily routine. I noticed the release of Oblivion remastered Edition and considered buying it, but the reviews shortly after release weren’t particularly promising, so I decided
Continue Reading „Tainted Grail – FoA – Unlock The Hidden Secrets“
Smart Time Plus RCE – CVE-2024-53543
The Software Smart Time Plus < 8.6 contains several vulnerabilities: which can be chained to achieve unauthenticated remote code execution as SYSTEM on the Windows host. Background and Research During a pentest I stumbled across the following web service on port 443: Smart Time Plus is a time tracking tool developed and published by the
Continue Reading „Smart Time Plus RCE – CVE-2024-53543“
How to Patch a Android Unity Game
This post is a follow-up of the How to mod a simple Android App post and heavily based on this great article https://hacking.kurcin.com/android/use-frida-to-controll-unity-app-il2cpp/ Background about this Project I chose a game that I know and that I played myself for a while, this helps to identify useful methods and properties where you want to hook
Continue Reading „How to Patch a Android Unity Game“
How to mod a simple Android App
Background about this Project This post is about how to reverse and modify the simple Android Dice Roller! app. The app was randomly chosen by me, I wanted to start with something simple, so: Before you start always check, if you can decompile, compile, sign, install and lunch the app, some apps wont run with
Continue Reading „How to mod a simple Android App“
GOG Galaxy – CVE-2022-31262
With my researches, described on my other post Hunting for LPEs in Gaming Software. I was curious about GOG services which run as Local System. I installed GOG on a „fresh“ Windows 11 and Windows 10 system and focused again to the Service „GalaxCommunication“. As we can see the Service is still running with SYSTEM
Continue Reading „GOG Galaxy – CVE-2022-31262“
Hunting for LPEs in Gaming Software
Recently I started to dive deeper into the topic „LPE on Windows“, obviously one of the first things you will learn is to look what runs as system and does it load anything were you have write access to. The Theory I started my learning with some very educating sources about DLL Ghosting and Sideloading.
Continue Reading „Hunting for LPEs in Gaming Software“
RE: DC-932L Reversing a Webcam Part 3 – Building the Firmware
In my last post I described how to extract the firmware, this was quite easy. But to rebuild a firmware is something different. This is a three part long story I need to be honest here, just remembering back to this process is painful, I will just describe some problems about the whole process that
Continue Reading „RE: DC-932L Reversing a Webcam Part 3 – Building the Firmware „