I was still warm from landing persistence on the WAP4410N, so I decided to wrap this series with one last push. There’ll be more IoT adventures, but this is the final chapter for this device. While trying to backdoor the device, it became obvious there was much more to dig up, plenty of sharp edges hiding in plain sight. The next logical step? Go for total control without the WPA2 PSK or admin password.…

Just when you thought this series was dead, here comes part two. Hard to believe it’s been almost a year since the first post dropped, but paying customers always come first, and the first half of 2025 left little time for side projects. Now that we’ve finally arrived at this point, I hope the wait has been worth it. IoT doesn’t move at the breakneck speed of mainstream IT. These devices often stay in production for years, rarely patched, and almost never rebuilt from the ground up.…

On June 4–5, 2025, the annual Securityfest conference unfolded once again in the fair city of Gothenburg, Sweden. Last year’s edition was a blast, so I had high expectations going into this one. That is, until I realized it clashed with something even more important: my son’s graduation. Family comes first, even when buffer overflows are on the table. So, no on-site exploits for me this year. But I still rallied behind our CTF team from afar, cheering, debugging, and throwing digital confetti.…

It was October again, Cybersecurity Awareness Month again. Just like last year, we participated in the Huntress CTF, which runs throughout the month. Here’s how the CTF is described: For this specific Capture the Flag competition, we hope to offer hands-on and practical exercises based around malware analysis, digital forensics and incident response, threat hunting or cyber threat intelligence, and general security. We will be releasing new challenges for you to play every single day throughout the month of October.…