Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Mozilla's VPN client software has a live_reload command available over a websocket. This command reaches out to a server and writes the file to /tmp on the local machine.

This code contains a classic directory traversal. The path for the remote server is the same as the one that is written to. By adding a ../, it's possible to overwrite DLLs on a Windows system. This would, in all likelihood, lead to RCE on Windows.

The exploit required that staging servers be enabled, which seems to be a non-default setting. A classic vulnerability in 2025. Crazy!