C:\hristian Mehlmauer
@firefart.bsky.social
Finally a use case for Microsoft Power Automate
September 11, 2025 at 7:04 AM
Finally a use case for Microsoft Power Automate
Reposted by C:\hristian Mehlmauer
Lockpicking? Of course! But this year, #BSidesVienna is cracking open some extra workshop slots. If your idea involves breaking, building, or teaching something useful — CfP and CfW will launch together soon. Get your ideas ready!
July 28, 2025 at 3:54 PM
Lockpicking? Of course! But this year, #BSidesVienna is cracking open some extra workshop slots. If your idea involves breaking, building, or teaching something useful — CfP and CfW will launch together soon. Get your ideas ready!
Reposted by C:\hristian Mehlmauer
It begins! On November 22nd, 2025, #BSidesVienna is back at Urania Sternwarte. Fresh insights, familiar faces, and the same legendary venue. More to come—stay tuned. bsidesvienna.at/venue/
Venue
BSidesVienna
bsidesvienna.at
July 24, 2025 at 8:48 PM
It begins! On November 22nd, 2025, #BSidesVienna is back at Urania Sternwarte. Fresh insights, familiar faces, and the same legendary venue. More to come—stay tuned. bsidesvienna.at/venue/
Reposted by C:\hristian Mehlmauer
Ever thought your kitchen appliance could harbor a persistent threat?
We reverse-engineered the Thermomix TM5 and uncovered vulnerabilities allowing arbitrary code execution, persistence, and secure boot bypass.
Discover our step-by-step breakdown!
www.synacktiv.com/en/publicati...
We reverse-engineered the Thermomix TM5 and uncovered vulnerabilities allowing arbitrary code execution, persistence, and secure boot bypass.
Discover our step-by-step breakdown!
www.synacktiv.com/en/publicati...
Let Me Cook You a Vulnerability: Exploiting the Thermomix TM5
Hardware Analysis The Thermomix TM5 is a multifunctional kitchen appliance composed of two key electronic boards: the power board, which handles the motor and heating functions, and the main board, w
www.synacktiv.com
July 11, 2025 at 8:44 AM
Ever thought your kitchen appliance could harbor a persistent threat?
We reverse-engineered the Thermomix TM5 and uncovered vulnerabilities allowing arbitrary code execution, persistence, and secure boot bypass.
Discover our step-by-step breakdown!
www.synacktiv.com/en/publicati...
We reverse-engineered the Thermomix TM5 and uncovered vulnerabilities allowing arbitrary code execution, persistence, and secure boot bypass.
Discover our step-by-step breakdown!
www.synacktiv.com/en/publicati...
Long time no see - Gobuster v.3.7.0 is released with a bunch of new features
github.com/OJ/gobuster/...
github.com/OJ/gobuster/...
Release v3.7.0 · OJ/gobuster
use new cli library
a lot more short options due to the new cli library
more user friendly error messages
clean up DNS mode
renamed show-cname to check-cname in dns mode
got rid of verbose flag and...
github.com
June 30, 2025 at 3:50 PM
Long time no see - Gobuster v.3.7.0 is released with a bunch of new features
github.com/OJ/gobuster/...
github.com/OJ/gobuster/...
It looks like Microsoft finally removed NTLMv1 from Windows Server 2025 🥳
learn.microsoft.com/en-us/window...
learn.microsoft.com/en-us/window...
Features removed or no longer developed starting with Windows Server 2025
Learn about the features and functionalities removed or no longer developed starting with Windows Server 2025.
learn.microsoft.com
December 6, 2024 at 9:14 AM
It looks like Microsoft finally removed NTLMv1 from Windows Server 2025 🥳
learn.microsoft.com/en-us/window...
learn.microsoft.com/en-us/window...
Reposted by C:\hristian Mehlmauer
Exclusive: The backdoor inserted in v1.95.7 adds an "addToQueue" function which exfiltrates the private key through seemingly-legitimate CloudFlare headers.
Calls to this function are then inserted in various places that (legitimately) access the private key.
Calls to this function are then inserted in various places that (legitimately) access the private key.
December 3, 2024 at 11:47 PM
Exclusive: The backdoor inserted in v1.95.7 adds an "addToQueue" function which exfiltrates the private key through seemingly-legitimate CloudFlare headers.
Calls to this function are then inserted in various places that (legitimately) access the private key.
Calls to this function are then inserted in various places that (legitimately) access the private key.
Reposted by C:\hristian Mehlmauer
We're doing a cool online talk tomorrow btw – hexarcana.ch/workshops/cv...
CVEs of SSH
A talk about recent high-profile issues related to the SSH ecosystem.
hexarcana.ch
November 20, 2024 at 7:19 PM
We're doing a cool online talk tomorrow btw – hexarcana.ch/workshops/cv...
Reposted by C:\hristian Mehlmauer
If you ever find yourself investigating random docker images, dive (github.com/wagoodman/dive) is amazingly useful. It lets you see which files changed in each filesystem layer. I've used it to spot config files accidentally left in images :)
GitHub - wagoodman/dive: A tool for exploring each layer in a docker image
A tool for exploring each layer in a docker image. Contribute to wagoodman/dive development by creating an account on GitHub.
github.com
November 20, 2024 at 12:17 PM
If you ever find yourself investigating random docker images, dive (github.com/wagoodman/dive) is amazingly useful. It lets you see which files changed in each filesystem layer. I've used it to spot config files accidentally left in images :)
Reposted by C:\hristian Mehlmauer
How does the new iOS inactivity reboot work? What does it protect from?
I reverse engineered the kernel extension and the secure enclave processor, where this feature is implemented.
naehrdine.blogspot.com/2024/11/reve...
I reverse engineered the kernel extension and the secure enclave processor, where this feature is implemented.
naehrdine.blogspot.com/2024/11/reve...
Reverse Engineering iOS 18 Inactivity Reboot
Wireless and firmware hacking, PhD life, Technology
naehrdine.blogspot.com
November 17, 2024 at 9:42 PM
How does the new iOS inactivity reboot work? What does it protect from?
I reverse engineered the kernel extension and the secure enclave processor, where this feature is implemented.
naehrdine.blogspot.com/2024/11/reve...
I reverse engineered the kernel extension and the secure enclave processor, where this feature is implemented.
naehrdine.blogspot.com/2024/11/reve...
Reposted by C:\hristian Mehlmauer
Just added a whole bunch more people to my Hackers starter pack 🥰 go.bsky.app/NRP3ecE
November 14, 2024 at 12:19 PM
Just added a whole bunch more people to my Hackers starter pack 🥰 go.bsky.app/NRP3ecE
Reposted by C:\hristian Mehlmauer
We have gotten a pretty much finalized shedule, you can check it out here:
cfp.bsidesvienna.at/bsv2024/sche...
cfp.bsidesvienna.at/bsv2024/sche...
https://cfp.bsidesvienna.at/bsv2024/schedule/
[1mBSidesVienna 0x7e8[0m
Get different formats:
curl https://cfp.bsidesvienna.at/bsv2024/schedule/\?format=table (default)
curl https://cfp.bsidesvienna.at/bsv2024/schedule/\?format=list
...
cfp.bsidesvienna.at
October 22, 2024 at 8:25 PM
We have gotten a pretty much finalized shedule, you can check it out here:
cfp.bsidesvienna.at/bsv2024/sche...
cfp.bsidesvienna.at/bsv2024/sche...
If you want to quickly identify clients on your corporate network using teamviewer just search your firewall logs for port 5938. Teamviewer will first try this port before "falling back" to the http protocol: www.teamviewer.com/en/global/su...
Ports used by TeamViewer
TeamViewer is designed to connect easily to remote computers without any special firewall configurations being necessary. This article applies to all users in all licenses. In the vast majority of cases, TeamViewer will always work if surfing on the internet is possible. TeamViewer makes outbound connections to the…
www.teamviewer.com
June 27, 2024 at 8:17 PM
If you want to quickly identify clients on your corporate network using teamviewer just search your firewall logs for port 5938. Teamviewer will first try this port before "falling back" to the http protocol: www.teamviewer.com/en/global/su...