This weekend, we took part in Undutmaning, the annual Swedish CTF organized by FRA, the Swedish Armed Forces, and the Swedish Security Service. The challenges in Undutmaning are created by staff from the three agencies behind the competition. Some are designed to reflect what it can be like to work in these organizations, with the kinds of problems and questions their employees may face in everyday work, while others are simply meant to be fun, tricky, and challenging.…

I was still warm from landing persistence on the WAP4410N, so I decided to wrap this series with one last push. There’ll be more IoT adventures, but this is the final chapter for this device. While trying to backdoor the device, it became obvious there was much more to dig up, plenty of sharp edges hiding in plain sight. The next logical step? Go for total control without the WPA2 PSK or admin password.…

Just when you thought this series was dead, here comes part two. Hard to believe it’s been almost a year since the first post dropped, but paying customers always come first, and the first half of 2025 left little time for side projects. Now that we’ve finally arrived at this point, I hope the wait has been worth it. IoT doesn’t move at the breakneck speed of mainstream IT. These devices often stay in production for years, rarely patched, and almost never rebuilt from the ground up.…

On June 4–5, 2025, the annual Securityfest conference unfolded once again in the fair city of Gothenburg, Sweden. Last year’s edition was a blast, so I had high expectations going into this one. That is, until I realized it clashed with something even more important: my son’s graduation. Family comes first, even when buffer overflows are on the table. So, no on-site exploits for me this year. But I still rallied behind our CTF team from afar, cheering, debugging, and throwing digital confetti.…