👋 Hey, I'm Axel.

I'm an Offensive Security Researcher, and I like to write about: my findings, my journey learning new technologies, and my random musings on tech.

  • Jan 14, 2024

    Finding the PerfectPitch

    My apartment has a gated courtyard that you have to enter before being able to reach the front door. On the entrance to the gate is an RFID reader for a DK1-3 Key Fob that was issued to us when we moved in, and a callbox. The call box has an LCD display, full keypad, and a few “meta” keys used to navigate through the system. When you wake up the callbox, a list of resident’s names appear (which I’m not a huge fan of…), with the option to call. Once you call a resident, it gets forwarded to their phone with two-way audio, so you can talk to each other, but more importantly, the resident can press 0 on their phone to open up the gate.

    I was chatting with a friend when the thought came up - maybe I can play the same 0 audio tone from the callbox and trick it into opening up. An interesting idea, let’s try it!

  • Jan 7, 2024


    A few years ago I bought a low-quality projector from Amazon to watch movies in my room. To be honest, it works pretty well, has a decent brightness, and has like five different ways you can stream video/audio to it, so I can’t complain too much.

    It does have an interesting mode of operation where it broadcasts a WiFi network you can connect to, and then start controlling the device via a web interface. So what I’m seeing is: perfect hacking target.

  • Oct 8, 2022


    I was on a site browsing for wedding venues in Virginia (👀), and after scrolling down a page listing venues in Vienna, my entire screen changed to one of the typical “Your {Internet Browser} is out of date. Click here to update!”. Curiosity got the best of me, I clicked the link, and this created a mini-investigation of some interesting malware!

  • Mar 2, 2022

    You Wouldn't Download A Car

    YWDAC is a (tiny) vulnerability and (tiny) exploit for the Trading Paints software which gives you full RCE on a victim running the software, just by poisining their DNS.

  • May 5, 2021

    Mouse Trap

    I discovered six 0days that allow a remote attacker to get full RCE on a box with no user interaction. MouseTrap is a suite of vulnerabilities and accompanying exploits that targets the RemoteMouse application and service. As of the release date 05/06/2021, the vulnerabilities have not been patched.

  • Apr 14, 2021

    Icon Shuffle

    My friend and I were discussing how nerfarious it would be to shuffle someone’s icons on their desktop…