by Julien Ahrens | Monday, August 28, 2017 | Bug Bounty
I recently came across an interesting Local File Inclusion vulnerability in a private bug bounty program which I was able to upgrade to a Remote Code Execution. The interesting fact about this and what makes it different is that the underlying operating system was...
by Julien Ahrens | Wednesday, March 1, 2017 | Advisory, Bug Bounty
In late January, I found and reported a Server-Side Request Forgery (SSRF) vulnerability on toolbox.googleapps.com to Google’s VRP, which could be used to discover and query internal Google DNS servers to extract all kinds of corporate...
by Julien Ahrens | Monday, January 23, 2017 | Advisory, CVE
I’m quite busy with bug bounties lately, but sometimes I still discover stuff, which might also be interesting for the rest of you ;-). So here’s a quick writeup about a quite interesting vulnerability in the open source...
by Julien Ahrens | Saturday, December 31, 2016 | Conferences
The year 2016 comes to an end quickly and so it was time for another Sides conference. This year’s HamburgSides, formerly known as BSidesHH, was held in the Bucerius Law School in Hamburg next to the 33C3. I’ve been supporting this event since the very...
by Julien Ahrens | Tuesday, September 20, 2016 | Conferences
Have you ever been to 44CON in London? In case you haven’t, you need to go there in 2017! To be honest it was my first time attending, but it took just one 44CON for me to become excited and that not only because of the Corgi crew member...
by Julien Ahrens | Monday, June 27, 2016 | Certifications
As you may have noticed, I have posted a couple of articles about my SecurityTube Linux Assembly Expert exam during the last months. Now that I have successfully completed the course, I just want to share my thoughts about it for those of you who...
by Julien Ahrens | Thursday, April 28, 2016 | Certifications
Do you want to fool antivirus software? When you look through hacking forums for a solution to this, you will likely encounter the term “crypter”. You will also find this tool in the arsenal of every advanced penetration tester and it is the obvious...
by Julien Ahrens | Tuesday, April 12, 2016 | Certifications
Question: How can signature-based Intrusion Detection systems be defeated? Answer: Using polymorphic shellcodes! This might sound really crazy and cyber, but it has nothing to do with inventing fancy new hacking techniques, it’s rather about...
by Julien Ahrens | Tuesday, February 23, 2016 | Bug Bounty
Better late than never. This article will give you some insights about my discovered generic Cross-Site Request Forgery Protection Bypass in Ubiquiti’s UniFi v3.2.10 and below, as published some time earlier this year on HackerOne. This...
by Julien Ahrens | Tuesday, December 29, 2015 | Conferences
Hamburg – just about one year ago, the first BSides was organized by Arron and Caroline. Now, one year later on 28th December, just after a relaxed Christmas time, they invited again – for the next #BSidesHH. It was powered by the...