• [RESEARCH]
    • PUBLICATIONS
      • Project Reveal: New research into North Korea's digital control system
      • Dumping Decrypted Documents from a North Korean PDF Reader
      • Reversing and Patching .NET Binaries with Embedded References
      • Governmental Control of Digital Media Distribution in North Korea: Surveillance and Censorship on Modern Consumer Devices
      • Implementing an Obsolete VPN Protocol on Top of HTTP: Because Why Not?
      • Discover the Unknown: Analyzing an IoT Device
      • Cisco and the Maintenance Operation Protocol (MOP)
    • PRESENTATIONS
      • Lifting the Fog on Red Star OS
        • 32C3 :: Slides :: Code
      • Woolim - Lifting the Fog on DPRK's Latest Tablet PC
        • 33C3 :: Slides
      • Exploring North Korea's Surveillance Technology
        • TROOPERS17 :: Slides
        • 6th No-Spy Conference :: Slides
    • ADVISORIES
      • Arbitrary file read, command injection and local privilege escalation in innovaphone Linux Application Platform (LAP) allows full root access to the host system.
      • Open redirect vulnerability in innovaphone Virtual Appliance (IPVA).
      • Multiple remote code executions via template injections, SQL injections and XSS in Shopware before v5.2.25.
      • CVE-2017-8920 :: irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS.
      • CVE-2016-6519 :: Cross-site scripting (XSS) vulnerability in the "Shares" overview in OpenStack Manila before 2.5.1.
  • [PROJECTS]
    • WEB
      • dprktech.adversec.com :: An effort to gather information, data and software from DPRK-related research.
        • dprkdict :: A web-based viewer for North Korean dictionary files provided by the E-C-K app. Available on dprktech.adversec.com/engdprk.
        • DPRK data mirror :: A mirror for data of various DPRK technology projects.
      • kleber.io :: A pastebin with various features like paste encryption, file uploads, removal of metadata from uploaded files, an upload history and a RESTful, JSON-based API.
        • Kleber CLI :: Official command line client for kleber.io.
      • myip.adversec.com :: Returns a client's IP address, command line friendly, with IPv6 support. Visit myip.adversec.com/help for more information.
      • deen.adversec.com :: Experimental WebAssembly interface for go-deen. (Coming soon!)
    • TOOLS
      • go-empdecrypt :: Decrypter for EIS passwords in Matrix24 configuration files.
      • go-deen :: Generic data decoding and encoding application (Golang port of deen).
      • static-toolbox :: Collection of statically linked tools, compiled and packaged with GitHub Actions.
      • deen :: Generic data encoding/decoding application built with PyQt5.
      • tools :: A collection of useful tools and code snippets to make various tasks easier.
      • csgo-overwatcher :: A tool for investigating the actual suspects of CS:GO Overwatch cases.
      • python-ssllabs :: Python interface and command line client for the SSL Labs APIs.
      • Nmap Scripts :: A collection of Nmap NSE scripts.
        • knx-gateway-discover.nse :: Discovers KNX gateways by sending a KNX Search Request to the multicast address 224.0.23.12 including a UDP payload with destination port 3671.
        • knx-gateway-info.nse :: Identifies a KNX gateway on UDP port 3671 by sending a KNX Description Request.
        • sstp-discover.nse :: Checks if the Secure Socket Tunneling Protocol is supported.
        • ip-https-discover.nse :: Checks if the IP over HTTPS (IP-HTTPS) Tunneling Protocol is supported.
        • mop-discover.nse :: Detect the Cisco Maintenance Operation Protocol (MOP) by sending layer 2 DEC DNA Remote Console hello/test messages.
    • TOOLS (ABANDONED)
      • CTFPWNng :: A simple automation framework for attack-defense CTFs. (successor of CTFPWN)
      • KNXmap :: KNXnet/IP scanning and auditing tool for KNX home automation installations.
      • WebFixy :: On-the-fly decryption proxy for MikroTik RouterOS WebFig sessions.
      • hb-test.py :: Proof-of-Concept code for Heartbleed (CVE-2014-0160).
      • CTFPWN :: An exploit scheduling and flag submission framework for attack-defense CTFs implemented with Python's asyncio module.
      • ILSpy-CosturaPlugin :: A plugin for ILSpy that loads references that have been embedded as resources with Costura.
      • tskmgr :: Simple task/project management tool with a console UI.
      • xss-board :: Example app for a simple Cross-Site Scripting (XSS) CTF challenge using Zombie.js.
      • laf :: An abandoned old script that searches for administrative login pages.
      • sstp-tools :: Initial information gathering for SSTP research.
      • ip-https-tools :: Basic information gathering and tools for the IP-HTTPS protocol used by DirectAccess.
    • MISC
      • Advent Calendar of Advanced Cyber Fun 2020 :: A technical advent calendar with CTF-like services where a new port opens every day, 2020 edition.
      • Advent Calendar of Advanced Cyber Fun 2018 :: A technical advent calendar with CTF-like services where a new port opens every day, 2018 edition.
      • forpy :: Generic network traffic forwarding with Python's asyncio module. A simple blueprint script that can be extended to manipulate any kind of traffic running through it.
  • [CONTACT]
    • EMAIL :: contact @ adversec [dot] com
    • GITHUB :: takeshixx
    • TWITTER :: @_takeshix