Rootless Containers with Podman

In modern digital infrastructure, containerization has become one of the most significant technologies, offering automation, portability, and resilience of services across cloud and on-premises environments. Containers can simplify backup processes and enhance upgrade safety while significantly reducing recovery times following system incidents or failed updates. This article provides an overview of container technology and focuses … Continue reading Rootless Containers with Podman

OWASP Top 10 2025 – A Pentester’s Perspective

Every three to four years, OWASP releases a new version of arguably its most famous project, the “OWASP Top Ten”. Originally started in 2003, this list serves as an awareness document to highlight the 10 most prevalent issues for web applications. The newest release marks the eighth iteration and has once again undergone a few … Continue reading OWASP Top 10 2025 – A Pentester’s Perspective

Patching Android ARM64 library initializers for easy Frida instrumentation and debugging

Intro: During both mobile security and mobile resiliency assessments, you often end up instrumenting the application to analyze its internals. By using either Frida or a classical debugger, we can gain valuable insight into the data flows and also modify some data on the fly to make the application behave the way we want it … Continue reading Patching Android ARM64 library initializers for easy Frida instrumentation and debugging

Stop Hardcoding Passwords

A Deep Dive into CyberArk’s Central Credential Provider (CCP). Introduction: Hardcoded credentials are still among the most critical and overlooked security flaws in modern software development. From leaked Git repos to reverse-engineered binaries, static passwords are easy targets. They also make rotation and access control almost impossible. Enter CyberArk’s Central Credential Provider (CCP): a secure, centralized … Continue reading Stop Hardcoding Passwords

Punch Card Hacking – Exploring a Mainframe Attack Vector

Mainframes are the unseen workhorses that carry the load for many services we use on a daily basis: Withdrawing money from an ATM, credit card payments, and airline reservations to name just a few of the high volume workloads that are primarily handled by mainframes. For those that like to see figures to support this … Continue reading Punch Card Hacking – Exploring a Mainframe Attack Vector

Format String Exploitation: A Hands-On Exploration for Linux

Summary: This blogpost covers a Capture The Flag challenge that was part of the 2024 picoCTF event that lasted until Tuesday 26/03/2024. With a team from NVISO, we decided to participate and tackle as many challenges as we could, resulting in a rewarding 130th place in the global scoreboard. I decided to try and focus … Continue reading Format String Exploitation: A Hands-On Exploration for Linux