KernelPicnic
Reverse engineering a Novation FLKey - Part I
A few months ago I bought a Novation FLKey to use as a MIDI controller for several devices which aren’t connected to a DAW. Of course, it later turned out that due to a combination of subtle quirks or missing features in other equipment, the planned setup wouldn’t be possible...
Messing with SWD - Part I
Over the last number of weeks I have been tearing down and performing research into a device powered by an STM32F103x microcontroller. As this particular device had RDP (Read-Out Protection) set to Level 1 it was not possible to dump the firmware from the device. This meant any attempts to...
Pivoting from blind SSRF to RCE with HashiCorp Consul
This post details an example of chaining three relatively trivial vulnerabilities to achieve remote code execution on a Bug Bounty target. These vulnerabilities alone would have likely been of low severity, but when used together they were scored and rewarded together as a High Priority (P1) issue. This vulnerability was...
BKP CTF - Wackusensor Write-Up
Given the quality of the last Boston Key Party (BKP) CTF it wasn’t unexpected that there would be some great challenges again this year. Wackusensor certainly fell into that category, providing an interesting target while not being quite as difficult to solve as some of the other cloud challenges....
Remote Code Execution (RCE) on Microsoft's 'signout.live.com'
TL;DR: The combination of a less than great vulnerability handling process by Adobe, and the use of default credentials by Microsoft yielded remote code execution on the signout.live.com domain. The following remote code execution vulnerability in the signout.live.com service was reported to the Microsoft Security Response Center in late 2015...