Recent Blog Posts
Three Confirmed Vulnerabilities in Truesec LAPSWebUI
I work for Reversec since April 2025. My first blog post for them tells that I found some vulnerabilities in LAPSWebUI in a client engagement and reported the findings to the vendor Truesec, who confirmed most of them and issued a new version with fixes.
read more
Wardriving 2024: Using Electricity Meter Readers to Get In
Do you pentest IoT equipment before joining it to your network? I did, fortunately. I bought a Swedish reader to connect to the P1 port of my electricity meter, and found a number of vulnerabilities that in combination let an attacker “wardriving” outside my house use the P1 reader to join my Wi-Fi network!
So it’s true what they say: the S in IoT stands for Security! ;)
The Akamai Origin Disclosure Non-vulnerability
When working for my employer Sentor I discovered an origin disclosure vulnerability in Akamai GTM, but they didn’t agree it was a vulnerability. I blogged about it on the company blog: The Akamai origin disclosure non-vulnerability
read more
Vulnerability Disclosure: Authentication Bypass in Auth0
When working for my employer Sentor I discovered an authentication bypass vulnerability in Auth0. I blogged about it on the company blog: Vulnerability disclosure: Authentication bypass in Auth0
read more
Vulnerability Disclosure: Session Fixation in Auth0
When working for my employer Sentor I discovered a session fixation vulnerability in Auth0. I blogged about it on the company blog: Vulnerability disclosure: Session fixation in Auth0
read more