Offensive Security Certified Professional (OSCP)
Ph.D. of Computer Science and Engineering, Chalmers University of Technology, Gothenburg, Sweden.
USB Skeleton Key
Some devices (tablet kiosks, buses, cars, airplanes, advertising displays, …) expose a USB interface, either for charging user devices, for development access, or both. One way to lock these devices down is to limit the accepted USB devices, based on model, type, or vendor ID. MacDongler is a scanner based on Linux USB Gadgets, which emulates a large number of USB devices and automatically determines which ones are accepted by a host. It can emulate network interfaces, serial ports, HID devices, and more!
Unicode is quite complex. Since there are many different ways to encode the same text, applications may use normalization to preprocess it into a predictable form. Strinvader is a tool to find multiple text inputs which normalize to the same (given) text. This is useful in security research, because sometimes security features such as block lists are applied to text before normalization. When attacking such an application, strinvader can generate a text encoding such as www.exⓐmple.com which will pass the block list and be normalized to www.example.com before being used. Interestingly, normalization rules vary slightly between implementations. Unicode normalization differs from Python's str.lower(), which differs from the URL parsing in Node.js. For this reason, strinvader contains support for a number of different such normalization forms.
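To make the ordering problem concrete, the following is an added Python example (it is not strinvader's code and not part of the original page). It consults a constructed block list both before and after NFKC normalization, using the www.exⓐmple.com input from the description above plus a constructed fullwidth-letter variant, and it also shows that NFC leaves the circled letter untouched while NFKC folds it, which is the kind of implementation difference the description mentions.

```python
import unicodedata

# Constructed block list for this example: hosts the application must refuse.
BLOCKED_HOSTS = {"www.example.com"}

# Constructed candidate inputs. The first is the circled-letter example from the
# description (U+24D0), the second uses FULLWIDTH LATIN SMALL LETTER W (U+FF57),
# the last is the plain spelling.
CANDIDATES = [
    "www.ex\u24d0mple.com",
    "\uff57\uff57\uff57.example.com",
    "www.example.com",
]

NORMALIZATION_FORMS = ("NFC", "NFD", "NFKC", "NFKD")


def check_before_normalization(host):
    """Weak ordering: the block list is consulted on the raw input, and the
    host is normalized only afterwards. Returns (blocked?, host actually used)."""
    blocked = host in BLOCKED_HOSTS
    used = unicodedata.normalize("NFKC", host)
    return blocked, used


def check_after_normalization(host, form="NFKC"):
    """Defensive ordering: normalize first, then consult the block list.
    Returns (blocked?, canonical host)."""
    canonical = unicodedata.normalize(form, host)
    return canonical in BLOCKED_HOSTS, canonical


def find_evasions(candidates, form="NFKC"):
    """Report inputs that pass the raw check yet normalize to a blocked host.
    Each result is (raw input, normalized host)."""
    evasions = []
    for host in candidates:
        blocked_raw, _ = check_before_normalization(host)
        canonical = unicodedata.normalize(form, host)
        if not blocked_raw and canonical in BLOCKED_HOSTS:
            evasions.append((host, canonical))
    return evasions


def forms_of(text):
    """Show how each standard Unicode normalization form treats the text.
    Only the compatibility forms (NFKC/NFKD) fold U+24D0 to a plain 'a'."""
    return {form: unicodedata.normalize(form, text) for form in NORMALIZATION_FORMS}


if __name__ == "__main__":
    for raw, canonical in find_evasions(CANDIDATES):
        print(f"{raw!r} passes the raw block list but is used as {canonical!r}")
    for form, result in forms_of("\u24d0").items():
        print(f"{form}: {result!r}")
```

The fix on the application side is to run every untrusted string through the same normalization the rest of the pipeline uses before any allow/block decision, and to pin that normalization form so a library swap (or a different language's URL parser) cannot silently change which inputs collide.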
Power glitch generator
Hardware devices with opaque or protected firmware may still be vulnerable to hardware faults. One such hardware fault is a power glitch, a transient drop in the power feed. This can have a variety of effects, ranging from device restarts to failure of individual executed instructions. Spike is a Zephyr project for the Nordic Semiconductor nRF52840 DK development board, which is able to control a target device and perform power glitch attacks against it.
Clock glitch generator
Another hardware fault is caused by an unstable clock signal. Shortening individual clock cycles can have interesting effects on the instruction decoder/execution stages of a microprocessor, or adversely affect I/O. DESYNK is a work-in-progress project to explore this. It is based on the ICEbreaker development board, powered by the Lattice iCE40UP5k FPGA. DESYNK controls the clock signal driving the target device, and probes for the proper time and duration of clock inconsistency, in order to cause interesting software failures.
Scripts for binary ninja
A collection of utilities for the binja reverse engineering tool.
Fuzzer for the media metadata display of your car
A small web application which fuzzes the artist/title/album information of your “currently playing” notification. Run it on your phone and stream the audio by bluetooth to your target device. Hosted here for your convenience.
It won’t be a surprise, the second time I see this.
Running notes on CTF techniques, methodology, little tricks we’ve learned along the way.
Deck generator for Tabletop Simulator
Cardcinogen is a templating system which allows you to create styles for playing cards and populate those cards with content from your own data. This is useful to make expansions for card-based games such as Concept or Fluxx.
DIY USB joystick HID device
POD uses low-cost commodity components (an AVR ATMEGA-328 microcontroller with no USB hardware support) to implement a standard joystick. This lets you, for example, build the custom control panel of your tractor simulation dreams. By using the standard USB HID interface, no extra drivers or bindings are required to use it in typical PC games. The software USB stack used in POD is kindly provided by the V-USB library.
Capture-The-Flag scoreboard visualization
This program queries a live CTF scoreboard and presents the data in your terminal. Some fun animations are implemented, for example when a team grabs the first blood of one of the challenges. Several popular server-side systems are supported, and the design is modular to allow for easy addition of new backends (e.g. support for new online CTF scoreboard systems such as CTFd).
Command shell implemented in LaTeX
The LaTeX typesetting engine wasn’t intended for this.
I am the holder of an Offensive Security Certified Professional (OSCP) certification.
I’ve found and reported the following vulnerabilities in software projects:
| CVE | References | CVSS | Description |
|---|---|---|---|
| CVE-2023-30261 | 1 2 | 10.0 | Multiple unauthenticated root RCEs in OpenWB |
| | 1 2 | 9.4 | Unauthenticated RCE in ModBros mobro-raspberrypi |
| CVE-2023-30260 | 1 2 | 8.1 | Multiple authenticated RCEs in RaspAP |
| CVE-2023-30258 | 1 | 9.4 | Unauthenticated RCE in magnusbilling6 and magnusbilling7 |
| CVE-2022-1215 | 1 | 7.1 | Format string vulnerability in freedesktop's libinput |
| CVE-2022-0546 | 1 | 5.4 | Multiple out-of-bounds reads/writes in Blender (HDR loader) |
| CVE-2022-0545 | 1 | 7.1 | Controlled out-of-bounds read/write in Blender (IMB_flipy) |
| CVE-2022-0544 | 1 | 4.6 | Out-of-bounds read in Blender (DDS loader) |
| CVE-2022-0497 | 1 | 4.6 | Out-of-bounds read in OpenSCAD (comment parser) |
| CVE-2022-0496 | 1 | 4.6 | Out-of-bounds read in OpenSCAD (DXF path) |
| CVE-2022-0699 | 1 | | Double-free in shapelib (contrib/shpsort) |
| CVE-2023-30259 | 1 | 4.6 | Out-of-bounds read in LibreCAD (importshp DBF parser) |
| CVE-2021-45847 | 1 2 3 | 5.3 | Multiple NULL-pointer dereferences in Slic3r (3MF XML) |
| CVE-2021-45846 | 1 | 5.3 | NULL-pointer dereference in Slic3r (AMF XML) |
| CVE-2021-45845 | 1 | 7.5 | RCE in FreeCAD (Path Sanity Check script) |
| CVE-2021-45844 | 1 | 7.5 | RCE in FreeCAD (ODA DWG import) |
| CVE-2021-45343 | 1 | 5.3 | NULL-pointer dereference in LibreCAD (DXF HATCH 93) |
| CVE-2021-45342 | 1 | 7.8 | RCE in LibreCAD (JWW CDataList) |
| CVE-2021-45341 | 1 | 7.8 | RCE in LibreCAD (JWW CDataMoji) |
| CVE-2021-45340 | 1 2 | 5.7 | NULL-pointer dereference in libSIXEL |
Via bug bounty programs, I’ve generated $500 for charity. By matching funds, Google VRP has generously provided an additional $500 of donations.
These donations have been made to the National Network of Abortion Funds.
The following is a list of my academic publications, to date:
[ PDF ] [ DOI ] FlatPack: Flexible Compaction of Compressed Memory
Albin Eldstål-Ahrens, Angelos Arelakis, Ioannis Sourdis
International Conference on Parallel Architectures and Compilation Techniques (PACT), 2022
[ DOI ] [ IEEE ] An Improved Model of LTE Random Access Channel
Evgeny Osipov, Laurynas Riliskis, Albin Eldstål-Damlin, Michael Burakov, Mats Nordberg, Min Wang
IEEE 77th Vehicular Technology Conference, 2013
[ PDF ] An LTE Random Access Channel Model for Wireless Sensor Network Applications
Mikael Burakov, Albin Eldstål-Damlin
Master’s Thesis, Luleå University of Technology, 2012
[ PDF ] A comparison of two modes for AEAD services in wireless sensor networks
Albin Eldstål-Damlin, Laurynas Riliskis
Technical Report, Luleå University of Technology, 2011
I’ve had the pleasure of being the advisor for the following Bachelor’s thesis work:
[ PDF ] [ URL ] Augmented Reality
Johan Yngvesson, Johannes Magnusson
Bachelor’s Thesis, Chalmers University of Technology, 2019
I’ve served as a reviewer for paper(s) for the following publications and conferences:
Computing Frontiers (CF) 2021
Design, Automation and Test in Europe (DATE) 2021
International Conference on Embedded Computer Systems: Architectures, Modeling and Simulation (SAMOS) 2021
Design, Automation and Test in Europe (DATE) 2020
Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFTS) 2020
Latin American Symposium on Circuits and Systems (LASCAS) 2020
Design, Automation and Test in Europe (DATE) 2019
Transactions on Architecture and Code Optimization (TACO) 2018
Field-Programmable Logic and Applications (FPL) 2017
International Symposium on Computer Architecture (ISCA) 2016
Highly Efficient Accelerators and Reconfigurable Technologies (HEART) 2016
Design, Automation and Test in Europe (DATE) 2016