An example why NAT is NOT security

 research

Sometimes I hear that network address translation (NAT) is considered a security feature. Unforunately, this is not necessarily true and I will try to demonstrate why with a practical example:

Downloading SSH Keys via DNS

 research

I recently came across a situation where I had to download my SSH public key over the internet, but without common tools like netcat or a webserver. Therefore, I decided

Jinja2 template injection filter bypasses

 research

The blogpost is a follow-up to my last post about the "Jins2 Template Injection RCE" in the iCTF 2017 "flasking unicorns" service. This time it is about bypassing blacklist filtering