{"version":1,"pages":[{"id":"-Mhm32lSZP70Kgaek10_","title":"Home","pathname":"/cyber-sec","siteSpaceId":"sitesp_gC3lD","emoji":"1f3e0","description":"I am an engineer who is passionate about high quality cyber security. I like to understand how things works - and how to break them. You will find write-ups and other cyber-stuff here."},{"id":"-MhmM0itT797s_9sYwlk","title":"Infographics","pathname":"/cyber-sec/infographics","siteSpaceId":"sitesp_gC3lD","emoji":"1f4d1","description":"This page features a small collection of infographics that I created."},{"id":"-MhmUU638CZrUGa3PMry","title":"Buffer Overflow - Explained","pathname":"/cyber-sec/how-stuff-works/buffer-overflow-explained","siteSpaceId":"sitesp_gC3lD","description":"An in-depth guide on a basic buffer overflow and the details behind developing an exploit for it.","breadcrumbs":[{"label":"How Stuff Works","emoji":"1f6e0"}]},{"id":"uuPj96vWCgUntyeKQdxE","title":"Embedded Firmware Extraction","pathname":"/cyber-sec/how-stuff-works/embedded-firmware-extraction","siteSpaceId":"sitesp_gC3lD","description":"A tale of practicing firmware extraction mixed with some file format reverse engineering.","breadcrumbs":[{"label":"How Stuff Works","emoji":"1f6e0"}]},{"id":"HiYKyKVURrYpGDyaIFQl","title":"CI/CD for a Pentest VM","pathname":"/cyber-sec/how-stuff-works/ci-cd-for-a-pentest-vm","siteSpaceId":"sitesp_gC3lD","description":"Automating the continuous deployment of a virtual pentest machine using Proxmox, Packer, Terraform, Ansible and GitLab.","breadcrumbs":[{"label":"How Stuff Works","emoji":"1f6e0"}]},{"id":"UfwFXc2lNB2CmbrO3L7R","title":"CTF - BugBase - RaaS","pathname":"/cyber-sec/write-ups/ctf-bugbase-raas","siteSpaceId":"sitesp_gC3lD","emoji":"1f3f4","description":"A beginner-friendly introduction to heap-related CTF challenges.","breadcrumbs":[{"label":"Write-Ups","emoji":"1f4d2"}]},{"id":"h3k1Ov7XwO6i9pdQXdu7","title":"THM - Binex","pathname":"/cyber-sec/write-ups/thm-binex","siteSpaceId":"sitesp_gC3lD","emoji":"1f517","description":"Exploiting the SUID bit and a buffer overflow for privesc after brute forcing the initial access.","breadcrumbs":[{"label":"Write-Ups","emoji":"1f4d2"}]},{"id":"qJBmhLZwsc7IF3lkAa7U","title":"THM - Brainpan","pathname":"/cyber-sec/write-ups/brainpan","siteSpaceId":"sitesp_gC3lD","emoji":"1f9e0","description":"Exploiting a buffer overflow and abusing sudo privileges for escalation.","breadcrumbs":[{"label":"Write-Ups","emoji":"1f4d2"}]},{"id":"O5Lx79DZ6eH3342GuuD6","title":"THM - CMesS","pathname":"/cyber-sec/write-ups/cmess","siteSpaceId":"sitesp_gC3lD","emoji":"1f510","description":"Discovering a virtual host that leads to a compromised CMS with subsequent sudo privesc.","breadcrumbs":[{"label":"Write-Ups","emoji":"1f4d2"}]},{"id":"-MhmFLl_XD_EXvZe3PSw","title":"THM - Mr. Robot","pathname":"/cyber-sec/write-ups/mr-robot","siteSpaceId":"sitesp_gC3lD","emoji":"1f4f5","description":"WordPress exploitation and password cracking on a Mr. Robot-themed target.","breadcrumbs":[{"label":"Write-Ups","emoji":"1f4d2"}]},{"id":"BiEFfuzqntoEVcudmcSt","title":"THM - Olympus","pathname":"/cyber-sec/write-ups/olympus","siteSpaceId":"sitesp_gC3lD","emoji":"1f3db","description":"A custom CMS and a puzzle-like exploit chain with some SUID fun for privesc.","breadcrumbs":[{"label":"Write-Ups","emoji":"1f4d2"}]},{"id":"PqsByeNPo4xczyhlRg8L","title":"THM - UltraTech","pathname":"/cyber-sec/write-ups/ultratech","siteSpaceId":"sitesp_gC3lD","emoji":"231a","description":"Exploiting an exposed API endpoint and weak password hashes before escalating via docker.","breadcrumbs":[{"label":"Write-Ups","emoji":"1f4d2"}]},{"id":"EgiSx3Lzaxwbph6hyCNq","title":"CVE-2019-17571 RCE PoC","pathname":"/cyber-sec/cve/cve-2019-17571-rce-poc","siteSpaceId":"sitesp_gC3lD","description":"This is not my CVE. It's a quick and dirty proof of concept tutorial on achieving RCE abusing CVE-2019-17571 that I put together for a friend.","breadcrumbs":[{"label":"CVE","emoji":"2699"}]},{"id":"sW6BB4vuMxdxHLNFrJqh","title":"CVE-2022-45962 Postauth SQLI","pathname":"/cyber-sec/cve/cve-2022-45962-postauth-sqli","siteSpaceId":"sitesp_gC3lD","description":"Authenticated SQL Injection in openSIS classic prior to 9.0.","breadcrumbs":[{"label":"CVE","emoji":"2699"}]},{"id":"AIVFz26fAHBIf6TRRjVn","title":"Introduction","pathname":"/cyber-sec/allendevent/introduction","siteSpaceId":"sitesp_gC3lD","description":"Showcasing a beginner oriented pentesting challenge.","breadcrumbs":[{"label":"AllEndEvent","emoji":"1f3e2"}]},{"id":"8TXcDZrOCIjbco9MZsSv","title":"Chapter I","pathname":"/cyber-sec/allendevent/chapter-i","siteSpaceId":"sitesp_gC3lD","description":"First part of the walkthrough-series for the AllEndEvent pentest challenge.","breadcrumbs":[{"label":"AllEndEvent","emoji":"1f3e2"}]},{"id":"00zM6IGfjCb2sUKOR4ln","title":"Chapter II","pathname":"/cyber-sec/allendevent/chapter-ii","siteSpaceId":"sitesp_gC3lD","description":"Second part of the walkthrough-series for the AllEndEvent pentest challenge.","breadcrumbs":[{"label":"AllEndEvent","emoji":"1f3e2"}]},{"id":"ZnI92CrgKplZBYUBfwnU","title":"Chapter III","pathname":"/cyber-sec/allendevent/chapter-iii","siteSpaceId":"sitesp_gC3lD","description":"Third and final part of the walkthrough-series for the AllEndEvent pentest challenge.","breadcrumbs":[{"label":"AllEndEvent","emoji":"1f3e2"}]}]}