Introduction There are a ton of ways to copy data between two systems. You can use a file sharing service on the Internet, transfer files via your self-hosted server or even use USB drives. This blog post shows a very simple and fast solution using IPv6 link-local addresses and a network cable. These link-local addresses allow you to communicate without the need of a router, Internet, static IP configuration or a DHCP server. You just need an Ethernet cable. ...

Introduction Last year, I bought the Birdie CO² monitor 1 to measure my CO² values at home. This air quality meter resembles a canary bird, referencing the days where canaries were used in coal mines to detect deadly carbon monoxide. When these stopped singing (or even collapsed 😥), this was a sign that the air quality was poor, and the workers needed to leave the mines 2. This is how the Birdie looks when the air quality changes from good to bad and again from bad to good: ...

Introduction I recently uploaded a file to a Nextcloud instance. After the upload, I saw that the file timestamp in Nextcloud is already some months old. But I just uploaded it, right? I double checked and saw that it matches the one on my local file system. How is this possible? Is a web application really able to read the last modification timestamp of the file? Apparently. I was not aware of this. In this post, I explain how this works and why you might care about this. ...

Introduction In my last blog post (Scanning for IP-Forwarding Systems / Routers), I explained why it can be useful during pentests to identify IP-forwarding systems (also known as routers or gateways) and showcased a script that can be used to identify such systems. In this post, I’ll show how this can be done in IPv6 networks when your host has a routable IPv6 address configured. Script The script can be found on GitHub: ip6-forwarding-scanner. The usage is quite simple: ...

Introduction Systems which have IP forwarding or routing enabled (so called routers or gateways) will forward IP packets to other networks where the system is connected to. In pentests, it can be useful to search for such systems, because these systems could be used to access otherwise inaccessible networks and systems. I wrote a small script that automates this task. Script The script can be found on GitHub: ip-forwarding-scanner. The usage is quite simple: ...