Temporary intercom hack

The lock of the front door was broken, so I hacked together a way for housemates to open the door via their phones.

- Lego Mindstorm, Hacks, Fun, Free time


OSCP - Fun and challenging but overrated

An article about my experiences with the OSCP course.

- OSCP, exam, culture


Viewing MSSQL backup files and extracting hashes

How to extract the sa password hash and view the content of the master database from an MSSQL database backup (.bak).

- MSSQL, bak, mdf, master, hash


Owning Building Management Systems

A talk from Gjoko Krstic about his research on Building Management Systems where he thanks me for contributing to the project.

- BMS, HITB, talk


To set currents in motion

Some blog article I wanted to write on information security.

- information security, writing, ideas


Secure Diffie-Hellman parameters for Lighttpd with SNI

A proper SNI configuration for lighttpd DH parameters.

- DH, lighttpd, configuration, SNI


Staying Positive About False Negatives

How and why I failed a couple of times during a code review / pentest.

- failing, pentest, code review, work


Fixing this "couldn't get 'max filedescriptors'" error

How I fixed the "couldn't get 'max filedescriptors'" error from Lighttpd.

- lighttpd, error, code fix


Spot The Book

Small novel I made as an exercise for writing.

- writing, security


Spot The Bug challenge 2018 warm-up

Warm-up for the Spot The Bug challenge 2018 from Securify.

- challenge, code review


Hoe begin je 2018 veilig op internet? (How do you start 2018 safely on the internet?)

After reporting some vulnerabilities I found during SOP to a newspaper, they asked me to give some general internet safety tips for 2017-2018. The article contains a few of my practical tips. Here is the complete (Dutch) text I sent in regarding internet safety for the public.

- volkskrant, security advice


Compiling a Monero miner on OSX

Tutorial on compiling a Monero miner on OSX.

- monero, mining, osx, cryptocurrency


Meta

Background information about the website.

- meta, about, creator, website


Fixing the critical software update OSX install message

A short article about fixing the critical software update error message when re-installing a Macbook Pro with a touch bar.

- OSX, Macbook, touch bar


A journey into cracking RSA moduli with a common GCD

In this article I share some experiences from cracking RSA moduli in bulk by exploiting the use of common GCDs.

- RSA, GCD, crypto, cracking, global


Helpdesk - Stupid things people say

About seven years ago I worked at a helpdesk. At that time, I created a document to register what people say (in Dutch). Don't get me wrong; people are not stupid. They are just end users.

- helpdesk, psychology, people


Kobo Aura H2O hacking

Bypassing registration for the Kobo Aura H2O so you can use it like the actual product you paid for.

- Kobo Aura, hacking, no registration


Added RSS feed

I've added a Really Simple method for generating an RSS feed. Most information I got from w3schools. There was a hiccup with XML-escaping; luckily the neat xmlescape method from the Python package xml.sax.saxutils was perfect for this. Also, it turns out that the 'guid' element can just be the URL to an article.

- meta, RSS, graa.nl


Spot The Bug challenge 2016 write-up

Write-up for the Spot The Bug challenge 2016 from Securify.

- challenge, write-up, php, code review


Spot The Bug challenge December 2016

Briefing for the Spot The Bug challenge 2016 from Securify.

- challenge, php, code review


Spot The Bug challenge 2015 write-up

Write-up for the Spot The Bug challenge 2015 from Securify.

- code review, challenge, securify, write-up


Spot The Bug challenge 2015 briefing

Briefing for the Spot The Bug challenge 2015 from Securify.

- code review, challenge, securify


Trainpooling

Back in 2014 I thought of a hack for the Dutch train system I call trainpooling.

- ov-chipcard, trains, hacks