[email protected]:~$

Hi 👋,

welcome on my personal website! “This is it… this is where I belong…” I know everyone here… even if I’ve never met them, never talked to them, may never hear from them again… I know you all…

Latest post

WordPress Plugin Confusion: How an update can get you pwned

25 November 2021

tl;dr: Like the novel “Dependency Confusion” supply chain attack, it is possible to take over internally developed WordPress plugins unclaimed on the wordpress.org registry. Updating the plugin might result in the RCE or installing a PHP backdoor. You can use wp_update_confusion.py to scan for potential targets. To protect your website,...

Recent posts

Analysis of the Fake Trezor Mobile Wallet app in the Play Store

14 April 2021 tl;dr: I analyzed the fake Trezor Android application on Google...

Exploiting remote DoS vulnerability in my not-so-smart TV

11 March 2021 tl;dr: I found a remotely exploitable DoS vulnerability in my...

WP GDPR Compliance <= 1.5.5 - Unauthenticated Cross-Site Scripting (XSS)

16 February 2021 tl;dr: The GDPR Compliance <= 1.5.5 plugin allowed unauthenticated users...