Beware of wilcards paths in sudo commands

7 minute read

Say you want to allow a non-root user on Linux to execute a couple of scripts as root or another user with more privileges. A common way of doing this is to ...

Python tarfile directory traversal

12 minute read

Currently, there’s a lot of hype around the behavior of Python’s tarfile module for extracting archives. In short: tarfile will not sanitize filenames in arc...

CRTP Certification Review

23 minute read

A couple of days ago I took the exam for the CRTP certification by Pentester Academy. In this review I want to give a quick overview of the course contents, ...