Temporary intercom hack

The lock of the front door was broken, so I hacked together a way for housemates to open the door via their phones.

- Lego Mindstorm, Hacks, Fun, Free time

OSCP - Fun and challenging but overrated

An article about my experiences with the OSCP course.

- OSCP, exam, culture

Viewing MSSQL backup files and extracting hashes

How to extract the sa password hash and view the content of the master database from an MSSQL database backup (.bak).

- MSSQL, bak, mdf, master, hash

Owning Building Management Systems

A talk from Gjoko Krstic about his research on Building Management Systems where he thanks me for contributing to the project.

- BMS, HITB, talk

To set currents in motion

Some blog article I wanted to write on information security.

- information security, writing, ideas

Secure Diffie-Hellman parameters for Lighttpd with SNI

A proper SNI configuration for lighttpd DH parameters.

- DH, lighttpd, configuration, SNI

Staying Positive About False Negatives

How and why I failed a couple of times during a code review / pentest.

- failing, pentest, code review, work

Fixing this "couldn't get 'max filedescriptors'" error

How I fixed the "couldn't get 'max filedescriptors'" error from Lighttpd.

- lighttpd, error, code fix

Spot The Book

Small novel I made as an exercise for writing.

- writing, security

Spot The Bug challenge 2018 warm-up

Warm-up for the Spot The Bug challenge 2018 from Securify.

- challenge, code review

How do you start 2018 safely on the internet?

After I reported some vulnerabilities I found during SOP to a newspaper, they asked me to give some general internet safety tips for 2017-2018. The article contains a few of my practical tips. Here is the complete (Dutch) text I sent in regarding internet safety for the public.

- volkskrant, security advice

Compiling a Monero miner on OSX

Tutorial on compiling a Monero miner on OSX.

- monero, mining, osx, cryptocurrency


Background information about the website.

- meta, about, creator, website

Fixing the critical software update OSX install message

A short article about fixing the critical software update error message when re-installing a Macbook Pro with a touch bar.

- OSX, Macbook, touch bar

A journey into cracking RSA moduli with a common GCD

In this article I share some experiences from cracking RSA moduli in bulk by exploiting the use of common GCDs.

- RSA, GCD, crypto, cracking, global

Helpdesk - Stupid things people say

About seven years ago I worked at a helpdesk. At that time, I created a document to register what people say (in Dutch). Don't get me wrong; people are not stupid. They are just end users.

- helpdesk, psychology, people

Kobo Aura H2O hacking

Bypassing registration for the Kobo Aura H2O so you can use it like the actual product you paid for.

- Kobo Aura, hacking, no registration

Added RSS feed

I've added a Really Simple method for generating an RSS feed. Most information I got from w3schools. There was a hiccup with XML-escaping; luckily, the neat xmlescape method from the Python package xml.sax.saxutils was perfect for this. Also, it turns out that the 'guid' element can just be the URL to an article.

- meta, RSS, graa.nl

Spot The Bug challenge 2016 write-up

Write-up for the Spot The Bug challenge 2016 from Securify.

- challenge, write-up, php, code review

Spot The Bug challenge December 2016

Briefing for the Spot The Bug challenge 2016 from Securify.

- challenge, php, code review

Spot The Bug challenge 2015 write-up

Write-up for the Spot The Bug challenge 2015 from Securify.

- code review, challenge, securify, write-up

Spot The Bug challenge 2015 briefing

Briefing for the Spot The Bug challenge 2015 from Securify.

- code review, challenge, securify


Back in 2014 I thought of a hack for the Dutch train system I call trainpooling.

- ov-chipcard, trains, hacks