Personal blog of Christian Haschek

Here, I’ll be talking about an interesting vulnerability that I have found in NASA Jira (An Atlassian task tracking systems/project management software etc.).

We open-sourced a fault injection tool, KRF, that uses kernel-space syscall interception. You can use it today to find faulty assumptions (and resultant bugs) in your programs. Check it out! This p…

MiTM attack between target Windows machines and for which of those hostnames the DNS server is responding with a No such name message.

Over time, the type of vulnerabilities seen in the web app landscape changes. One that has persisted year in, year out, is cross-site noscripting. It’s been a ...

Malicious apps on Google Play were trying to drop the Anubis banking malware on unsuspecting users. They were also using an innovative new evasion tactic.

1 vote and 0 comments so far on Reddit

Introduction Hey I’m back with another Buffer Overflow article and today we are going to do a really interesting exploit , Today we will finally escalate privileges using a vulnerable suid binary (you can know more about that by reading the first buffer overflow…

In 2017, while attempting to get some DRM-enabled video player to work on my Mac, I stumbled upon a hard-coded private key. The corresponding public key was used in a valid and publicly trusted Cis…

After spending many years working in information security, as a consultant, I've had the chance to audit a multitude of different systems invented and developed by many different people. While there is a lot to say about that, the focus of this article is…

This the Webinar: "The 1-Year Roadmap To Master Malware Analysis, Triple Your Salary Or Be The Star Of Your Response Team, Without Getting a New Certificate or Programming Skills"

1 vote and 0 comments so far on Reddit

Perception Point’s platform recently intercepted an attack leveraging the BYOB framework. This is the first time the BYOB framework is seen being used for fraudulent activity in the wild.

Finding and exploiting open instances of SickRage/SickChill.

Positive Hack Days is a unique global event. It is the only event which brings together the elite of the hackers' world, leaders of the information security industry and representatives of the Internet community to cooperate in addressing burning information…

A Chrome extension is stealing your credit card details with you knowing, do you have it installed on your device?

Abstract Content-Security Policy (CSP) is one of the most vital protection layers in client-side web security. A strict policy should n...

2 votes and 0 comments so far on Reddit

7 votes and 0 comments so far on Reddit

A small Bash utility used for pivoting into internal networks upon compromising a public-facing host. - itsKindred/PortPush

Welcome to CypherCon 4.0 (2019), Wisconsin’s Hacker Conference! Our conference provides hackers with an outlet to openly demonstrate and experience creativity and ingenuity through hands-on enlightening activities and thought provoking presentations and technical…