Wednesday 25 May 2016



after 5 years I decide to close this blog. The same I will do with my LinkedIn
and Twitter account so I will not be available any more.

I would like to thank you all for watching and supporting me during those years. :)

"Have fun & good luck."



Sunday 15 May 2016

[EN] MS Excel 2010 DoS (poc)

Below you will find DoS poc for MS Excel 2010.

Found during some fuzzing exercises... ;)

Also you will find a small description, directly from Windbg:

Friday 13 May 2016

FristiLeaks: 1.3 CTF Writeup

During last day I had a pleasure to play FristiLEaks CTF prepared by Ar0xA. Thanks! ;)
It was a good idea to choose this one as well as a lot of fun when I was wondering how to get root.

Below you will find a solution how to get the flag (and to "love Fristi"! ;))
(For those who want to read other writeups for Fristi, you can find them here.)

Here we go...

Monday 9 May 2016

CrackMe by Rapture - solved


this time we will analyze and patch another small and simple .NET crackme.
This time we will check "FishMe #1 by Rapture". You can find it at

Like before we need HxD and .NET Reflector (but you can use your favourite tools to do it as well).

Let's get to work!

CrackMe by Rayko - solved

During last few days I was checking crackmes from this page (BTW great place to check if you're learning reversing and cracking).

Below you will find one simple solution for crackme found in ".Net" category: CrackMe By Rayko.

Friday 29 April 2016

Another DoS in MS Publisher 2010

During last week I found few more NULL ptrs in MS Office Publisher (2010 for Windows 7).

Thursday 3 March 2016

BrokenWebapps - CTF writeup

When I was looking for a new CTF, I found interesting website with multiple CTFs ISO and VM images, prepared (vulnerable) to hack. I decided to try OWASP Project called BrokenWebapps (VM I’ve tried was OWASP_Broken_Web_Apps_VM_1.2).

I prepared the VM and started another one (this time with Kali2.0 – both on VirtualBox). As far as I know, we can treat this VM as a big WWW server, hosting multiple webpages.

Sunday 27 December 2015

Joomla CVE-2015-7857 writeup

(I wrote this as a 'note' in 14.12.2015 but in case that all information are already public,
below you will find proof of concept and little write-up for vulnerability described in this CVE.)

Saturday 26 December 2015

New version of Lime Survey

As far as I know LimeSurvey is already updated, so below you will find all described vulnerabilities I found nearly 2 months ago during some small 'code review' exercises.

Response from LimeSurvey Team was very fast! :)

Found: 4.11.2015
Sent:    5.11.2015
Resp:   5.11.2015

AFAIK all findings were fixed in 48h. So... here we go:

Saturday 24 October 2015

[EN] SOAP testing

During one of last projects I needed to test some webservices.

I was wondering: if I can do it with Burp or by manual testing,
maybe I can also write some quick code in python...

And that's how I wrote