Who reports the “low hanging fruit” security issues?

Some time ago, I came across this article on Hacker News. I recommend you read the whole thing. But in short: A social media site for women called “Giggle” used an API that pretty much exposed every user’s data if you so much as requested it. This is called an IDOR vulnerability. The … Read more

The Story of my first “Incident Response”

Today, I felt like sharing one of my favourite experiences that I had in my still short career as a Web Developer. It’s a story in which I am tasked with investigating a server issue, which quickly led to me detecting a hacked system. Prologue The summer rolled around and schools closed for the summer … Read more

Modern Android is pretty secure

When most people describe the Android platform, things like customizability, device diversity and pricing are usually named. Security, on the other hand, most likely will not come to people’s minds. At least in my experience, that is. Most people just don’t perceive Android as being especially secure. The biggest reason could be the more … Read more

Slipping past China’s Firewall in a Trojan Horse

Sometime in 1260–1180 BC some smart Greek dudes used a “Trojan Horse” to smuggle their soldiers inside of the city of Troy. In 2019 some smart Chinese dudes use a software called “Trojan” to smuggle their TCP/IP Packets outside of the country. And I think that’s just as exciting. Continuing to research about Firewalls and … Read more

Bypassing Firewalls – But How?

In my last post I elaborated on multiple reasons as to why someone would want to bypass a Firewall. Now that this is established, here comes the part where we get to the “how”. If you don’t care about the technology behind any of this, jump to the conclusion. However, if you are interested in the theory behind Firewall … Read more

Bypassing Firewalls – But why?

Oh boy here goes. This is the first post of many, in which I will touch the topic of bypassing Firewalls. This being the Introduction of this series, I will focus on setting the topic up, providing explanations and all that stuff. Some of the resources I will provide are screenshots from chats I took … Read more

Trust is good, cryptography is better

Recently, I have seen a lot of people in the InfoSec and Online Privacy Community having lengthy discussions about which companies we can trust these days. At the very least, since Snowden has leaked various documents, many companies have been labeled as either “trustworthy” or “not trustworthy”. These companies and services are rated by their past actions, and the … Read more

Google Dorks – Sometimes it really is that easy

One day, I was watching some DefCon talks on YouTube, as I often do. One of the videos was titled “Google Hacking for Penetration Testers”. This title sounded very interesting, but also didn’t tell me much about what to actually see in there. So naturally, I watched it. It was amazing. All I could think … Read more

My Personal Security Setup

Over the last year or so, I have seriously stepped up my security game. These days, fraudsters have an exceptionally easy job of getting your data, with all these data breaches ranging from small websites that have bad encryption (if any) to online stores. This data can be used as a whole to create so … Read more

Hacking into an online games leaderboard – Reversing JS

This is Part 2 of my Series about unconventional usage of JavaScript. Please read part 1 first if you haven’t already, as I will write this second part less noob friendly. This time I will take a look at a JavaScript powered game, which features an Online Leaderboard to show off your 1337 Hacker Skills to the … Read more

Free Premium for textmechanic – Reversing JS

This post is part of a multi-part Series where I write about fun things you can do with just some JS and a modern day browser. Part 1 is about getting Free Premium Features on textmechanic.com. What do I need? A browser. I will be using Chrome. Basic understanding of programming as well as the HTTP … Read more

Brutal Web Design – Resource Collection

Over the last 2 years, I found various interesting articles regarding brutalism in web design, even though they do not necessarily consider themselves to be talking about that topic. If you don’t know what Brutal web design is, then let me quote one of the said articles to sum it up quickly: Originated in post-World War II … Read more

UNLICENSE – cuz I can’t be bothered

If you take a close look at my GitHub Profile you will notice that I primarily license my projects with the UNLICENSE. It contains the following statement: This is free and unencumbered software released into the public domain. Anyone is free to copy, modify, publish, use, compile, sell, or distribute this software, either in source code form … Read more

ReadMes are Important!

This article is primarily written about the platform GitHub. If you are unfamiliar with this platform, it might contain terms that will just confuse you. I recommend reading THIS first. One of the nicest things to experience as a developer is when the things you made actually get used by people. That they find it actually useful (and … Read more

Why having your own Server is totally awesome

Around 2015-2016 I was getting more and more involved in web development. Before that my coding revolved mostly around some Batch scripting or Automation scripts with AHK. Nothing fancy and barely over 100 lines each. Having made my first somewhat good looking website at that time, I wanted to make it available to the public eye. At first … Read more

The misuse of the word Hacker

Ask the media, then ask an older programmer from the 80’s. Maybe ask your best friend and now, ask yourself: Who or what is a “hacker”? This one particular word has been misused by the general public for years now, drawing the picture of that lonely criminal, sitting in an all dark room watching the matrix intro … Read more