Sometimes I hear that network address translation (NAT) is considered a security feature. Unforunately, this is not necessarily true and I will try to demonstrate why with a practical example:

Git comes with a "git daemon" command that allows to easily provide access to a repository so that it can be cloned with git clone git://host/repo.git. In

I recently came across a situation where I had to download my SSH public key over the internet, but without common tools like netcat or a webserver. Therefore, I decided

The blogpost is a follow-up to my last post about the "Jins2 Template Injection RCE" in the iCTF 2017 "flasking unicorns" service. This time it is about bypassing blacklist filtering