CVE-2014-7808 - Apache Wicket CSRF (2014)

Posted on Sat 29 October 2016 in posts • Tagged with script, python, security, web, cryptoLeave a comment

This is about a vulnerability I discovered in Apache Wicket in 2014, but never got around to publishing my write-up. So it's kinda outdated now... Apache Wicket is a web application framework for Java and is used by quite a few big sites. I had a closer look at ...

Continue reading

CrossedCaptcha

Posted on Tue 14 October 2014 in posts • Tagged with script, python, captcha, securityLeave a comment

First of all, this research is legit because I have a logo and a name for it. This seems to be a trend right now (heartbleed, shellshock, sandworm) . Afaik the rule is that you must invest the same time into creating the logo as you did in your research.

Creating ...

Continue reading

Code Archeology (Updated)

Posted on Thu 18 September 2014 in posts • Tagged with script, python, code auditLeave a comment

One day I thought about different techniques to do source code analysis. Especially since we often have access to repositories and thus the evolution of code.

Wouldn't it be cool to see the age of certain lines of code relatively to others? So I decided to create a PoC ...

Continue reading