Luke ParisinParadoxisYAFPC — Unauthenticated Remote Code ExecutionTwo separate flaws exist in the YAFPC (Yet Another Free PDF Composer) appliance which allows an attacker to gain remote code execution.Jan 14, 2023Jan 14, 2023
Luke ParisinParadoxisStegCracker 2 ReleasedA long time ago, on an awesome pentesting platform far far away, I had a problem. A problem many people that play CTF challenges can…Mar 25, 2019Mar 25, 2019
Luke ParisinParadoxisBaking Flask cookies with your secretsA few weeks back, I and a friend of mine were discussing web frameworks and how he claimed to have made an ‘Impossible to Bypass’ login…Jan 26, 20191Jan 26, 20191
Luke ParisinParadoxisFingerprinting Web Servers with GitBefore I begin, I’d like to give a little backstory on how I came to building the tool I’m about to show. Recently, I was doing an online…May 21, 2018May 21, 2018
Luke ParisDear RecruitersBefore i begin my post, I’d like to point out I don’t have any ill intentions towards recruiters or the companies that employ them, in…Dec 13, 2017Dec 13, 2017
Luke ParisinParadoxisSHA2017 — A recap of insanityTo summarize the last five days of my life, I can’t think of anything other than “amazingly chaotic”, and I loved every minute of it. If…Aug 10, 2017Aug 10, 2017
Luke ParisinParadoxisThe PHP module backdoor II — The falloutA little over a week ago I published a post to my blog titled ‘Your interpreter isn’t safe anymore — The PHP module rootkit’.Jun 23, 2017Jun 23, 2017
Luke ParisinParadoxisBackdooring the PHP interpreterEditor’s note: The following post was written in 2017 at the very start of my career in Cyber Security. I was inspired to make a simple…Jun 12, 20174Jun 12, 20174