Deciphering the FileMaker Server keystore
A description of how FileMaker Server stores secrets and how to approach deciphering an unknown keystore.
Recent Posts
Uploading files to FileMaker Server without a Pro client
Back in the dark ages the FileMaker Server admin console (then Java Web Start) allowed you to remotely upload new fmp12 files to the server. For some reason ...
Beware of wilcards paths in sudo commands
Say you want to allow a non-root user on Linux to execute a couple of scripts as root or another user with more privileges. A common way of doing this is to ...
Reading Aranet4 sensor data from Python
How to get current readings from your Aranet4 CO2 monitor
SVG and JavaScript: transform viewport coordinates into element coordinates
A couple of months ago I built a JavaScript application that allows adding points and labels to locations on a building floorplan. The whole canvas (not HTML...
Handling and confirming (interrupt) signals in Python
Learn how to handle interrupts and other signals in Python.
Python tarfile directory traversal
Currently, there’s a lot of hype around the behavior of Python’s tarfile module for extracting archives. In short: tarfile will not sanitize filenames in arc...
nginx alias misconfiguration allowing path traversal
I recently came across an nginx server that had a vulnerable alias configuration which allowed anyone to read files outside the intended directory. In the fo...
Monitoring FileMaker scheduled scripts
Tutorial about monitoring FileMaker scheduled scripts for uptime
Terraform: Change EC2 user_data without recreating instance
When you have set up your infrastructure with Terraform and then do any change to the user_data of a EC2 instance, Terraform will detect the change and gener...