Toggle between light and dark mode.
Your selection will not be saved. From GDPR with ❤.

Hi, my name is Tobias Klein, and this is my personal website.

I'm an author, hacker and co-founder.

Books* I've Written.

* on information security-related topics 💬

A Bug Hunter's Diary

A Guided Tour Through the Wilds of Software Security

No Starch Press, 2011

Buffer Overflows und Format-String-Schwachstellen

Funktionsweisen, Exploits und Gegenmaßnahmen

dpunkt.verlag, 2004

Linux Sicherheit

Security mit Open-Source-Software — Grundlagen und Praxis

dpunkt.verlag, 2001

Vulnerabilities I've Published.

🧪 The following is a list of the vulnerabilities I’ve discovered that have been publicly disclosed.

ISC BIND Logic Error (TSIG Remote Denial of Service)

Details: TKADV2020-002 | CVE-2020-8617 | Vendor Advisories: 1, 2

ISC BIND Logic Error (DNS Rebinding Protection Bypass)

Details: TKADV2020-001 | Vendor Advisories: 1, 2, 3

Google Chrome Signed Integer Overflow

Details: TKADV2018-001 | CVE-2018-6034 | Vendor Advisory

Google Chrome Heap Buffer Overflow

Details: TKADV2017-003 | CVE-2017-5112 | Vendor Advisory

Google Chrome Use of Uninitialized Memory

Details: TKADV2017-002 | CVE-2017-5117 | Vendor Advisory

Mozilla Firefox and Thunderbird OOB Array Access

Details: TKADV2017-001 | CVE-2017-7754 | Vendor Advisories: 1, 2, 3

Apple Mac OS X QuickDraw Manager Buffer Overflow

Details: TKADV2013-003 | CVE-2013-0975 | Vendor Advisory

Adobe Reader and Acrobat Integer Overflow

Details: TKADV2013-002 | CVE-2013-2727 | Vendor Advisory

Apple Mac OS X PDF Ink Annotations Use-After-Free

Details: TKADV2013-001 | CVE-2013-0971 | Vendor Advisory

Apple iOS OfficeImport Buffer Overflow

Details: TKADV2011-004 | CVE-2011-3260 | Vendor Advisory

Apple iOS OfficeImport Double Free

Details: TKADV2011-003 | CVE-2011-3261 | Vendor Advisory

Apple iOS & OS X OfficeImport Use of Uninitialized Memory

Details: TKADV2011-002 | CVE-2011-0208 | Vendor Advisories: 1, 2

Apple iOS & OS X OfficeImport Memory Corruption

Details: TKADV2011-001 | CVE-2011-0184 | Vendor Advisories: 1, 2

Apple iOS & OS X OfficeImport Memory Corruption

Details: TKADV2010-006 | CVE-2010-3786 | Vendor Advisories: 1, 2, 3, 4

Oracle Solaris Zones Denial of Service

Details: TKADV2010-005 | CVE-2010-2393 | Vendor Advisory

Google Chrome OOB Array Access

Details: TKADV2010-004

Avast Kernel Driver Memory Corruption

Details: TKADV2010-003 | CVE-2010-0705

Apple iPhone OS & OS X CoreAudio Stack Buffer Overflow

Details: TKADV2010-002 | CVE-2010-0036 | Vendor Advisories: 1, 2

Oracle Solaris Kernel NULL Pointer Dereference

Details: TKADV2010-001 | CVE-2010-0453 | Vendor Advisory

Apple iPhone OS AudioCodecs Heap Buffer Overflow

Details: TKADV2009-007 | CVE-2009-2206 | Vendor Advisory

Winamp (libsndfile) Heap Buffer Overflow

Details: TKADV2009-006 | CVE-2009-1788

xine-lib Quicktime STTS Atom Integer Overflow

Details: TKADV2009-005 | CVE-2009-1274

FFmpeg Type Conversion Vulnerability

Details: TKADV2009-004 | CVE-2009-0385

GStreamer Heap Overflow and OOB Array Access

Details: TKADV2009-003 | CVE-2009-0386, CVE-2009-0387, CVE-2009-0397

Amarok Integer Overflow and Unchecked Allocations

Details: TKADV2009-002 | CVE-2009-0135, CVE-2009-0136

Sun Solaris Kernel Integer Overflow

Details: TKADV2009-001 | CVE-2009-0132 | Vendor Advisory

Sun Solaris Kernel NULL Pointer Dereference

Details: TKADV2008-015 | CVE-2008-5689 | Vendor Advisory

MPlayer Stack Buffer Overflow

Details: TKADV2008-014 | CVE-2008-5616

VLC media player Integer Overflow

Details: TKADV2008-013 | CVE-2008-5276 | Vendor Advisory

VLC media player Stack Buffer Overflow

Details: TKADV2008-012 | CVE-2008-5032 | Vendor Advisory

VLC media player Stack Buffer Overflow

Details: TKADV2008-011 | CVE-2008-5036 | Vendor Advisory

VLC media player Stack Buffer Overflow

Details: TKADV2008-010 | CVE-2008-4654 | Vendor Advisory

WebEx Meeting Manager Stack Buffer Overflow

Details: TKADV2008-009 | CVE-2008-3558

G DATA Kernel Driver Memory Corruption

Details: TKADV2008-008

Linux Kernel Info Disclosure and NULL Pointer Dereferences

Details: TKADV2008-007 | CVE-2008-3792

CA HIPS Kernel Driver Memory Corruption

Details: TKADV2008-006 | CVE-2008-2926

Linux Kernel Information Disclosure

Details: TKADV2008-005 | CVE-2008-3272 | Vendor Advisory

Kaspersky Kernel Driver Stack Buffer Overflow

Details: TKADV2008-004 | CVE-2008-1518

Sun Solaris Kernel Integer Overflow

Details: TKADV2008-003 | CVE-2008-2710 | Vendor Advisory

Avast Kernel Driver Memory Corruption

Details: TKADV2008-002 | CVE-2008-1625

Panda Kernel Driver Memory Corruption

Details: TKADV2008-001 | CVE-2008-1471

Mac OS X Kernel Memory Corruption

Details: TKADV2007-001 | CVE-2007-4686 | Vendor Advisory

Apple QuickTime Heap Buffer Overflow

Details: TKADV2007-002 | CVE-2007-3750 | Vendor Advisory

Mac OS X Kernel Stack Buffer Overflow

Details: TKADV2007-003 | CVE-2007-4267 | Vendor Advisory

Check Point VPN-1 Kernel Driver Memory Corruption

Details: TKADV2007-005

MyBB SQL Injection

Details: TKADV2005-12-001 | CVE-2005-4200 | Pre-notification

phpMyFAQ Cross Site Scripting

Details: TKADV2005-11-004 | CVE-2005-3734

Mantis SQL Injection and Cross Site Scripting

Details: TKADV2005-11-002 | CVE-2005-4518, CVE-2005-4519, CVE-2005-4520, CVE-2005-4521, CVE-2005-4522, CVE-2005-4523, CVE-2005-4524

PHPlist SQL Injection, Path Traversal, and XSS

Details: TKADV2005-11-001 | CVE-2005-3555, CVE-2005-3556, CVE-2005-3557

phpMyAdmin Cross Site Scripting

Details: TKADV2005-10-001 | CVE-2005-3301

Tools I've Developed.

Currently unmaintained and only kept here for historical reasons 🤷‍♂️

checksec.sh

A little tool for quickly surveying the mitigation technologies in use by processes on a Linux system. The script also lists the status of various Linux kernel protection mechanisms.

Latest Version: v1.5 from 2011

ScoopyNG

The VMware detection tool.

Latest Version: v1.0 from 2008

Articles I've Written.

Below is a selection of articles I have published online .. 💎

All Your Private Keys are Belong to Us

How to Find and Extract RSA Private Keys and Certificates Hidden in Large Amounts of Data

Last updated on December 6, 2020

RELRO

A (not so well known) Exploit Mitigation Technique

Last updated on February 21, 2009

.. and in print ..

Nicht durch die Hintertür

Einsatz von Exploit-Mitigation-Techniken

iX Magazin 05/2011, S. 108

Vergängliche Spuren

Live-Analyse von Computersystemen

iX Magazin 10/2006, S. 128

Get in Touch.

You can contact me at tk@trapkit.de.

My PGP 🔑 for email encryption.

I also have a account.