A short guide on how to get IPv6 VPN working on Unifi Gateway Ultra using socat. This is especially helpful for ISPs that use carrier-grade NAT, a very restricted but common option service providers offer.| Markuta
The popular MFA provider Authy by Twilio doesn't support exporting TOTP tokens. You are forced to use their cloud backup solution. In this post I share how you could create an offline backup using a rooted Android device and a Python script with the help of Frida. I also briefly look into how the app works and backend API endpoints communication.| Markuta
Hacking the Amazon eero 6 (3rd gen 2020) wireless device part 2. In this blog post I will be going through the steps taken of trying to read a BGA153 eMMC flash chip, extracting and analysing the firmware image, whilst using cheap and easy to get equipment.| Markuta
A short blog on how to install and run the latest version (23.05 on ARMv8) of OpenWRT, with the LuCI web management, using QEMU. It covers the installation for macOS with the Apple M1 chip, however, this guide can be applied to any modern platform that supports QEMU.| Markuta
A technical blog post on finding and exploiting an authenticated JDBC deserialization vulnerability in JSCAPE MFT Server to gain remote command execution. This vulnerability is caused by an out-of-date H2 database library bundled into the default install package. A proof of concept is provided that works on Windows x64.| Markuta
A short blog on how to get root on an emulated device running Android 12 with rootAVD.| Markuta