Techblog and Security


RE: DC-932L Reversing a Webcam Part 3 – Building the Firmware 

In my last post I described how to extract the firmware, this was quite easy. But to rebuild a firmware is something different. This is a three part long story I need to be honest here, just remembering back to this process is painful, I will just describe some problems about the whole process that

RE: DC-932L Reversing a Webcam Part 1 – Getting a Shell

Introduction and Story I remember, more then a year ago I watched this fantastic video from stacksmashing about reverse engineering and rebuilding a custom firmware for a webcam. I was absolutely stunned that this is possibile and thought about to try this some time on a device I have at home. As usual, time passes

Things I wanted to know before I started with Buffer Overflows

Entry This Post is about different issues and challenging moments I encountered during my learning experience with Buffer Overflows and wished I knew before. This is not a guide how BOFs are working or how to learn this topic. Watch these two videos from LiveOverflow, these will really save you some time if your exploit

NTLM Attack in Metabase CVE-2022-24853

Metabase GeoJSON API Endpoint Back in September 2021, Metabase released a security announcement regarding its GeoJSON API endpoint: GeoJSON URL validation can expose server files and environment variables to unauthorized users We’ve discovered a potential security issue with the custom GeoJSON map (admin->settings->maps->custom maps->add a map) support and potential local file inclusion (including environment variables).