Welcome!

CackalackyCon 2025 was great! Thanks to everyone who came to watch my talk. As promised here are various links to the material. - Github Repo with Everything - Slides - Dump Single Key With Headers - Dump all Keys with Headers - Dump all Keys without Headers - Headerless_kernel.py -…

In the last entry of this series we created a Linux kernel module which was able to dump keys from the Linux Kernel Key Retention Service. The kernel module was limited to only x86_64 machines with a mainline Linux kernel. It also required having the appropriate Linux kernel headers. Access…

The Kernel Key Retention Service (KKRS) is an in-kernel key management and retention feature, which provided a secure method for storing secrets on Linux systems. With this feature, it is possible for processes to process cryptographic material without having direct access to the key material. Instead, the kernel would handle…

Hacking smart IOT devices that have a web interface typically depends on the same skill set as web application hacking. Plenty of resources exist that cover web application hacking and these resources largely map 1-to-1 with IOT devices. But what about IOT devices that are missing a web interface, how…

Let's explore the world of Android WebViews through two popular applications - an Android email client and an advertising platform. Through these case studies, we will learn how insecure WebViews provided remote attackers and advertisers access to user's external storage. Thanks ThotCon. Missed the Talk? Checkout the recording from Shmoocon…

A few months ago, I was testing the email functionality on a company’s contact us page, when I sent an email to myself containing: <script> alert("Hi, It's almost lunch time") </script> It actually was close to lunch time, so I wrapped up testing and waited for the email to arrive…