SpipM - Technology blog

SpipM - Technology blog https://www.spipm.nl/ Spip's technology blog Fri, 13 Mar 2026 13:33:35 +0000 http://blogs.law.harvard.edu/tech/rss <![CDATA[Odido-router verzamelt analytics van je huishouden]]> Sun, 01 Mar 2026 00:00:00 7d35da24-8f5d-657c-d099-31893486368d https://www.linkedin.com/pulse/odido-router-verzamelt-analytics-van-je-huishouden-sipke-mellema-0uoie/ <![CDATA[Wij van security adviseren security]]> Sun, 01 Feb 2026 00:00:00 28fff1d4-7a76-3c26-1f5b-57d4e61a7615 https://www.spipm.nl/2603.html <![CDATA[Basic XDP firewall]]> Thu, 01 Jan 2026 00:00:00 53333a47-14bd-a6b6-512b-6b4dc3429a43 https://github.com/spipm/butsers_xdp <![CDATA[Post-auth RCE in Adeptia 6.9]]> Mon, 01 Sep 2025 00:00:00 b8d6deb6-868d-7def-50f8-fca8265b76d6 https://www.spipm.nl/2530.html <![CDATA[Tekortkomingen van het CCV-pentestkeurmerk]]> Tue, 01 Jul 2025 00:00:00 4ae30add-2691-1b6c-b441-e6e76a30d162 https://www.spipm.nl/2602.html <![CDATA[Compressing text messages]]> Sat, 01 Feb 2025 00:00:00 29d6f9c9-eefa-ae8c-47d2-cc77c3af133d https://www.spipm.nl/2520.html <![CDATA[OSEP - Fun and challenging but overrated]]> Sun, 01 Dec 2024 00:00:00 1cc57dd0-5981-42ea-3090-26cc38c61379 https://www.spipm.nl/2412.html <![CDATA[Recovering secrets from IntelliJ plugins]]> Mon, 01 Apr 2024 00:00:00 8369c58c-7440-3067-c467-c442edb1d743 https://www.spipm.nl/2404.html <![CDATA[BraekerCTF 2024 source]]> Thu, 01 Feb 2024 00:00:00 4edfca8a-ac41-c52f-b439-d17d39019f9b https://github.com/spipm/BraekerCTF_2024_public <![CDATA[Pentest report writing guide]]> Fri, 01 Sep 2023 00:00:00 3b52e9b8-1779-3ad2-bbfc-cf4767e9ee95 https://github.com/spipm/pentest-report-guide/tree/main <![CDATA[Argon2 wordlist cracker]]> Fri, 01 Sep 2023 00:00:00 3f11ba67-d9b6-2fc0-535f-a0007f7e9495 https://github.com/spipm/argon2_cracker <![CDATA[Can we restore trust in cryptographic control?]]> Tue, 01 Aug 2023 00:00:00 088680ec-cbf0-d180-15d9-7234b3470e8b https://www.spipm.nl/2309.html <![CDATA[How to save money on a pentest]]> Wed, 01 Mar 2023 00:00:00 eeb84bbf-5f46-2c3b-4208-683d629a2550 https://www.spipm.nl/2301.html <![CDATA[Cracking Oracle Apex password hashes]]> Fri, 01 Apr 2022 00:00:00 ff68df16-d517-0951-0ecf-a21d14f5216a https://www.spipm.nl/2201.html <![CDATA[Sharpen your monitoring capabilities with honeypots]]> Wed, 01 Sep 2021 00:00:00 5542f97b-43be-8812-9c2f-a1263f2e25e0 https://www.spipm.nl/2105.html <![CDATA[CVE-2021-22524 - DoS via XXE in NetIQ Access Manager]]> Tue, 01 Jun 2021 00:00:00 49497e4e-3ebd-c053-29f5-08e8d076a159 https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html <![CDATA[Harden your security team - Don't trust bug bounty reports]]> Mon, 01 Feb 2021 00:00:00 0597c552-2c2b-6783-2931-a692f98b0f27 https://www.spipm.nl/2101.html <![CDATA[Recovering passwords from pixelized screenshots]]> Tue, 01 Dec 2020 00:00:00 49037863-555b-af19-8835-345b17328b56 https://www.spipm.nl/2030.html <![CDATA[Lessons from password policy science]]> Sat, 01 Aug 2020 00:00:00 76926ab9-90d4-a5a5-253a-96c1d8179b18 https://www.spipm.nl/2020.html <![CDATA[A widespread piece of .NET code allowing code execution]]> Sat, 01 Feb 2020 00:00:00 c4747456-2196-7b70-996a-e96b894f2a7e https://www.spipm.nl/2010.html <![CDATA[Spot The Bug - An Open End]]> Tue, 01 Oct 2019 00:00:00 da6baa6f-1f16-3c57-9731-2c33c15a40de https://www.spipm.nl/1970.html <![CDATA[Temporary intercom hack]]> Sun, 01 Sep 2019 00:00:00 803cb1e7-8279-7a03-4f71-aafc9955e7e3 https://www.spipm.nl/1960.html <![CDATA[Viewing mssql backups files and extracting hashes]]> Mon, 01 Jul 2019 00:00:00 a90533af-09b4-2140-a2c9-b091e00b7323 https://www.spipm.nl/1930.html <![CDATA[Owning Building Management Systems]]> Sat, 01 Jun 2019 00:00:00 cfddfc3c-91ae-c144-f1c7-0964f0860ff6 https://www.spipm.nl/1920.html <![CDATA[Loracrack - LoRaWAN session cracker]]> Sat, 01 Jun 2019 00:00:00 87ecdb3c-91de-66d5-9754-a2f403fc119c https://github.com/spipm/Loracrack <![CDATA[Siemens Spectrum Power Command Injection]]> Sat, 01 Jun 2019 00:00:00 4e3656bb-71f2-bc54-f59a-9b23d1fb590a https://applied-risk.com/resources/ar-2019-010 <![CDATA[OSCP - Fun and challenging but overrated]]> Sat, 01 Jun 2019 00:00:00 c1c24171-7af2-bd9b-7687-9b947ab165cf https://www.spipm.nl/1940.html <![CDATA[Simple libHackRF API example]]> Wed, 01 May 2019 00:00:00 882635e2-3561-5210-1284-3870aca0658b https://gist.github.com/spipm/a8c0b472392da212bf03b08f372a8f7d <![CDATA[Only log required data for WPA cracking (aircrack-ng / airodump)]]> Wed, 01 May 2019 00:00:00 a8c3fc7d-fb1e-7b10-064f-e979ef2d3a24 https://github.com/spipm/aircrack-ng/commit/ad349b9fcfa4bdcff864434b92d3c72881e3eabe <![CDATA[To set currents in motion]]> Thu, 01 Nov 2018 00:00:00 c219fc3b-5aa0-c752-a1dc-eb46d25230e4 https://www.spipm.nl/1850.html <![CDATA[Programming the Razer Tartarus Chroma on Linux]]> Mon, 01 Oct 2018 00:00:00 da46979d-ce47-ce14-9080-c248a93c41ce https://github.com/spipm/Razer-USB-tartarus <![CDATA[Staying Positive About False Negatives]]> Sat, 01 Sep 2018 00:00:00 20775916-b8dc-06b8-b916-348a3beb07b0 https://securify.nl/blog/SFY20180901/staying-positive-about-false-negatives.html <![CDATA[Secure Diffie-Hellman parameters for Lighttpd with SNI]]> Wed, 01 Aug 2018 00:00:00 69177c16-4f85-4181-a809-cc752223e6a1 https://www.spipm.nl/1830.html <![CDATA[Self-replicating binary infecting Mach-O files]]> Sun, 01 Jul 2018 00:00:00 707ded25-1b3c-5661-135b-911a4f89f4d6 https://github.com/spipm/simpvir <![CDATA[Fixing this "couldn't get 'max filedescriptors'" error]]> Sun, 01 Apr 2018 00:00:00 8bc1da53-535b-1797-263d-2bfd2e728391 https://www.spipm.nl/1815.html <![CDATA[Postfix mail bot for helping setting up PGP encrypted mail]]> Sun, 01 Apr 2018 00:00:00 d17bb031-661a-a3f0-7027-db8269a9de7c https://github.com/spipm/PGPMailbot <![CDATA[Spot The Bug challenge 2018 warm-up]]> Mon, 01 Jan 2018 00:00:00 e7c318cc-e49a-cb4e-f102-cfd2633eae7a https://www.securify.nl/blog/spot-the-bug-challenge-2018-warm-up <![CDATA[Hoe begin je 2018 veilig op internet?]]> Fri, 01 Dec 2017 00:00:00 bb7a1e94-6af0-f50b-966e-d412480ca176 https://www.spipm.nl/1780.html <![CDATA[Compiling a Monero miner on OSX]]> Fri, 01 Dec 2017 00:00:00 529f5417-5aca-9362-b634-4a4b4b52acab https://www.spipm.nl/1770.html <![CDATA[A journey into cracking RSA moduli with a common GCD]]> Wed, 01 Nov 2017 00:00:00 0477165c-e694-30a3-36b9-4731639cda27 https://www.spipm.nl/1753.html <![CDATA[Fixing the 'critical software update' OSX install message]]> Wed, 01 Nov 2017 00:00:00 1ea34e1e-0f17-5f2f-47bc-12b448d1a241 https://www.spipm.nl/1755.html <![CDATA[Multiple vulnerabilities in VTech DigiGo allow browser overlay attack]]> Fri, 01 Sep 2017 00:00:00 1f3124f4-5025-d5f8-bfe8-671d4c5c9de4 https://www.securify.nl/advisory/multiple-vulnerabilities-in-vtech-digigo-allow-browser-overlay-attack <![CDATA[Kobo Aura H2O hacking]]> Fri, 01 Sep 2017 00:00:00 ecf1b7fb-7213-9258-015d-fb01b1cc8b2b https://www.spipm.nl/1748.html <![CDATA[Broken TLS certificate validation in VTech DigiGo browser]]> Fri, 01 Sep 2017 00:00:00 1b69b20a-5afe-53f0-6051-041cd2081873 https://www.securify.nl/advisory/broken-tls-certificate-validation-in-vtech-digigo-browser <![CDATA[Broken TLS certificate pinning in VTech DigiGo Kid Connect app]]> Fri, 01 Sep 2017 00:00:00 5ce2131e-3c1e-b920-25a0-5fb3d81c1f7e https://www.securify.nl/advisory/broken-tls-certificate-pinning-in-vtech-digigo-kid-connect-app <![CDATA[Buffer over-read vulnerability in Virtuozzo Power Panel (VZPP) and Automator]]> Sat, 01 Jul 2017 00:00:00 5dceec4f-1ae6-fb93-daac-64ee8587a87e https://www.securify.nl/advisory/buffer-over-read-vulnerability-in-virtuozzo-power-panel-vzpp-and-automator <![CDATA[Instant negative hash cracking wordlist lookup]]> Sat, 01 Jul 2017 00:00:00 432f7f1b-c346-154a-9944-ef602d2b7f76 https://github.com/spipm/Bloomhash <![CDATA[Crackcoin: basic blockchain-free cryptocurrency PoC in Python]]> Sat, 01 Jul 2017 00:00:00 a2c67009-92b1-978f-43c5-d3a707ad5a53 https://github.com/spipm/crackcoin <![CDATA[LazyFact - Factoring RSA moduli using basic methods]]> Sat, 01 Jul 2017 00:00:00 ae10d119-6a79-ca26-5fc0-64199d17b83d https://github.com/spipm/LazyfactPython <![CDATA[Reflected Cross-Site Scripting in CM4ALL]]> Sat, 01 Jul 2017 00:00:00 0a739e40-7fe6-f437-f111-c9513073242f https://www.spipm.nl/1740.html <![CDATA[Spot The Bug challenge 2016 write-up]]> Sun, 01 Jan 2017 00:00:00 b10b9f2c-152d-6bf6-e6f0-77fce48456fa https://www.securify.nl/blog/SFY20170103/spot-the-bug-challenge-2016-write-up.html <![CDATA[Spot The Bug challenge December 2016]]> Tue, 01 Nov 2016 00:00:00 74e66d0c-bbea-a059-4e2e-a94434a6f9ec https://www.securify.nl/blog/SFY20161113/spot-the-bug-challenge-december-2016_-win-the-bitcoin_.html <![CDATA[Threaded client/server sockets in Python]]> Sat, 01 Oct 2016 00:00:00 d59dd38f-a329-9193-a9d0-5344ff320d92 https://github.com/spipm/pythonNetworking <![CDATA[Cross-Site Request Forgery in WordPress Press This function allows DoS]]> Fri, 01 Jul 2016 00:00:00 f29b0600-3368-78b3-8406-fa75c2f6e3b9 https://www.securify.nl/advisory/cross-site-request-forgery-in-wordpress-press-this-function-allows-dos/ <![CDATA[Weak validation of Amazon SNS push messages in W3 Total Cache WordPress Plugin]]> Fri, 01 Jul 2016 00:00:00 1237877d-7e6f-2cf9-a5c9-22a4b2c11472 https://www.securify.nl/en/advisory/weak-validation-of-amazon-sns-push-messages-in-w3-total-cache-wordpress-plugin/ <![CDATA[Command injection in InfiniteWP Admin Panel]]> Fri, 01 Jul 2016 00:00:00 9e1ae281-9587-2719-2cdc-6efdf7d8ec52 https://www.securify.nl/en/advisory/command-injection-in-infinitewp-admin-panel/ <![CDATA[Multiple vulnerabilities in All In One WP Security & Firewall plugin]]> Fri, 01 Jul 2016 00:00:00 9d52bae7-905a-f475-c7f4-7b815594d679 https://www.securify.nl/en/advisory/multiple-vulnerabilities-in-all-in-one-wp-security-firewall-plugin-login-captcha/ <![CDATA[Authorization bypass in InfiniteWP Admin Panel]]> Fri, 01 Jul 2016 00:00:00 955384e2-ff79-7c83-a5b2-a09014982841 https://www.securify.nl/en/advisory/authorization-bypass-in-infinitewp-admin-panel/ <![CDATA[Persistent Cross-Site Scripting in WP Google Maps Plugin via CSRF]]> Fri, 01 Jul 2016 00:00:00 5ecd9c29-76dd-42f0-ff9a-d23aeb3c054e https://www.securify.nl/en/advisory/persistent-cross-site-scripting-in-wp-google-maps-plugin-via-csrf/ <![CDATA[Reflected Cross-Site Scripting vulnerability in W3 Total Cache plugin]]> Fri, 01 Jul 2016 00:00:00 437a68c7-af4e-74b1-b2a4-3bad0d25fc0e https://www.securify.nl/en/advisory/reflected-cross-site-scripting-vulnerability-in-w3-total-cache-plugin/ <![CDATA[Persistent Cross-Site Scripting in Woocommerce WordPress plugin]]> Fri, 01 Jul 2016 00:00:00 78ccb71d-6834-0307-aa85-bbdbc61cfa8a https://www.securify.nl/en/advisory/persistent-cross-site-scripting-in-woocommerce-wordpress-plugin/ <![CDATA[Reflected Cross-Site Scripting vulnerability in MailPoet Newsletters plugin]]> Fri, 01 Jul 2016 00:00:00 a8ba6a4c-89f1-c72c-5179-73c0e9e91bad https://www.securify.nl/advisory/reflected-cross-site-scripting-vulnerability-in-mailpoet-newsletters-plugin/ <![CDATA[Information disclosure race condition in W3 Total Cache WordPress Plugin]]> Fri, 01 Jul 2016 00:00:00 e2cdb30c-ee65-60c4-98ac-85480419936f https://www.securify.nl/advisory/information-disclosure-race-condition-in-w3-total-cache-wordpress-plugin/ <![CDATA[Persistent Cross-Site Scripting in Instagram Feed plugin via CSRF]]> Fri, 01 Jul 2016 00:00:00 4c1e3c39-1b38-ac6b-deb7-e54df8adcd5b https://www.securify.nl/en/advisory/persistent-cross-site-scripting-in-instagram-feed-plugin-via-csrf/ <![CDATA[Stored Cross-Site Scripting in Gallery - Image Gallery WordPress Plugin]]> Fri, 01 Jul 2016 00:00:00 1ad4e3da-8e5b-463d-ab2e-f4ab4617252f https://www.securify.nl/en/advisory/stored-cross-site-scripting-in-gallery-image-gallery-wordpress-plugin/ <![CDATA[ASCII animations in terminal using curses]]> Mon, 01 Feb 2016 00:00:00 26d81df3-374c-9e1d-80f1-803a2716193f https://github.com/spipm/cursesAsciiAnimations <![CDATA[JavaScript animation using the canvas element]]> Mon, 01 Feb 2016 00:00:00 ec24b0a6-24c3-b795-a472-eedd27334885 https://github.com/spipm/Blobspace <![CDATA[Shortest Python quine]]> Wed, 01 Jul 2015 00:00:00 a1e879a0-16d1-53b7-ff84-488eeb70178e https://stackoverflow.com/questions/6223285/shortest-python-quine/31724322#31724322 <![CDATA[Spot The Bug challenge 2015 write-up]]> Mon, 01 Jun 2015 00:00:00 ce8a6a30-aafd-a65b-a04e-3737b3efc50e https://www.securify.nl/blog/SFY20150601/spot-the-bug-challenge-2015-write-up.html <![CDATA[Spot The Bug challenge 2015 briefing]]> Sun, 01 Mar 2015 00:00:00 80750cd2-aac6-0045-22ea-5b24473fd6f8 https://www.securify.nl/blog/SFY20150501/spot-the-bug-challenge-2015-briefing.html <![CDATA[Glype proxy local address filter bypass]]> Mon, 01 Sep 2014 00:00:00 f6c11e9f-5c0f-0143-b2d4-2144cd5ef384 https://www.securify.nl/advisory/glype-proxy-local-address-filter-bypass <![CDATA[Glype proxy cookie jar path traversal allows code execution]]> Mon, 01 Sep 2014 00:00:00 efa32a30-3da8-77a4-5b82-d43b0fd8f345 https://www.securify.nl/advisory/glype-proxy-cookie-jar-path-traversal-allows-code-execution <![CDATA[Trainpooling]]> Thu, 01 May 2014 00:00:00 aed02a51-f030-fb50-deda-2afb65647485 https://www.spipm.nl/1401.html <![CDATA[Hackerone DoS by GIF resize flooding]]> Fri, 01 Nov 2013 00:00:00 98a710a4-f0a5-b2e2-e558-22f23556327a https://hackerone.com/reports/400 <![CDATA[HackerOne DoS by JPG pixel flood]]> Fri, 01 Nov 2013 00:00:00 2a020fec-fb19-42b5-d052-644d4b21cfc3 https://hackerone.com/reports/390 <![CDATA[Hackerone DoS by PNG compression]]> Fri, 01 Nov 2013 00:00:00 e0f4511c-6b88-05b8-853a-2a82b79aa004 https://hackerone.com/reports/454 <![CDATA[Python library for creating PNG image data]]> Fri, 01 Nov 2013 00:00:00 b58f6ed2-bd04-da65-b6a6-b24e76e7f96d https://github.com/spipm/CreatePNG <![CDATA[Helpdesk - Stupid things people say]]> Wed, 01 Sep 2010 00:00:00 3bb1cb5d-d692-e6d7-83be-6dc0a0e3ff7c files/HelpdeskCommunicatieRelease.pdf