PinnedIstván TóthinInfoSec Write-upsBackdooring ClickOnce .NET for Initial Access: A Practical ExampleThis blogpost is about demonstrating the awesome ClickOnce .NET backdooring technique by Nick Powers (@zyn3rgy) and Steven F (@0xthirteen)…8 min read·Jun 28, 2023--2--2
István TóthinInfoSec Write-upsFull disclosure: 0-day RCE backdoor in Teradek IP video device firmwaresThis is a report of a 0-day backdoor giving root shell access on Teradek IP video devices. Reported the issue to the manufacturer last…5 min read·Sep 3, 2021----
István TóthinInfoSec Write-upsUpdating Mimikatz in MetasploitMimikatz integrated in the current Metasploit Framework is a little bit outdated. If you want to use the recent features (like plaintext…5 min read·Jun 7, 2021----
István TóthMaking DLNA through site-to-site VPN workThere are articles about how does multicast routing across subnets work, but none of them was complete for my setup. Here is my solution.4 min read·Apr 4, 2021--5--5
István TóthinInfoSec Write-upsUsing a PIE binary as a Shared Library — HCSC-2020 CTF WriteupWriteup of a hard RE challenge hosted by the National Cyber-Security Center of Hungary featuring PIE binary to SO lib transformation.8 min read·Oct 23, 2020----
István TóthinInfoSec Write-upsJailbreaking iOS without a Mac (1/4): The PlanInstalling an unsigned iOS app (what is the prerequisite of jailbreaking) using Linux with (semi-)legitimate tools.5 min read·Sep 29, 2020--1--1
István TóthinInfoSec Write-upsRecovering a lost phone number using hacker mindsetRecently I have lost an important phone number accidentally as a consequence of wiping the data partition of my Android device (due to an…5 min read·Sep 12, 2020----