Having had some time to off to mull over what to do next and attend to some other priorities I decided it was time to get back to looking at this. But first, I had to address the issue of having to take my internet down every time I wanted…
UPDATE: https://eddiez.me/hacking-the-nokia-fastmile-pt2/ As a part of my 5G home internet offering, Optus bundles a 5G gateway called the Nokia Fastmile. The same device seems to be shipped by T-Mobile for their 5G offering and is passionately known as the 'trashcan' in r/tmobileisp. Nokia Fastmile Stock PhotoNaturally,…
With all the issues I was having with my old ISP, I decided to make the leap and move onto Optus 5G Home Internet. My experience so far has been pretty stellar and I'm currently paying the same amount as I was with my previous provider for quicker speeds. The…
The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a Path Traversal vulnerability which permits arbitrary directory listing, file read, and file write. Versions below 1.4.1 are also probably impacted but I have not validated this. The application permits users to configure…
UPDATE: I contacted my ISP about this app. They noted that during the install process there's a 'BEGIN' button with text under it that says 'By tapping "begin" you accept our EULA. I don't think it sufficiently covers what they are doing still. The app's name is RouteThis. Beyond this,…
Homelab [hom-læb](n): a laboratory of (usually slightly outdated) awesome in the domicile. - r/homelab Homelabbing is how I learn things I don't otherwise get to learn at work. In this post I share some of the hardware I settled on to build my lab. It all started with…
Nessus Pro is a great vulnerability scanner but analysing results quickly becomes unwieldy once you have more than a couple of scheduled scans or a large scan space. So I wrote a tool to export Nessus results using the API into a relational database. https://github.com/eddiez9/nessus-database-export EER…
This is one of those projects where I never stopped to ask why. But just in case you also want a vacuum cleaner that can double as a Spotify Connect speaker, I can help point you in the right direction. First, the end result: This requires very little technical ability…
In a recent penetration test I came across a novel technique to transfer files into restrictive VDI environments where all conventional ways of transferring files had been disabled. It's not rocket science but I thought it was interesting enough to warrant a brief write-up. TLDR; Base64 encode the file -&…
Throughout Offensive Security's CTP course you may find yourself wanting to build your own home lab with old Windows VMs. I found it difficult to locate Windows ISOs that were both untouched and of the exact version I wanted. This is a method I found to be effective. Identify the…