1. Andy Codes
  2. Blog
    ❱
    1. Security Research
      ❱
      1. 2025-04-07 - Designing Secure Space Systems
      2. 2025-03-29 - NASA cFS - Vulnerability Research
      3. 2025-03-07 - NASA F' - Vulnerability Research
      4. 2024-11-27 - The Ultimate Handheld Hacking Device - My Experience with NetHunter
      5. 2024-11-08 - Quack-quack - HID attacks with NetHunter
      6. 2024-11-06 - Flashing an OS image to your Android device
      7. 2024-08-21 - How to crash a Spacecraft – DoS through Vulnerability in NASA CryptoLib v1.3.0
      8. 2024-08-09 - Ground Control to Major Threat: Hacking the Space Link Extension Protocol
      9. 2024-07-17 - IDOR's in NCIA ANET v3.4.1
      10. 2024-05-21 - Remote Code Execution via Man-in-the-Middle (and more) in NASA's AIT-Core v2.5.2
      11. 2024-01-16 - Exploiting the Apache Karaf Console
      12. 2024-01-12 - Exploitation of the OSGi console
      13. 2023-11-02 - XSS in NASAs Open MCT v3.0.2 - data exfiltration
      14. 2023-10-13 - Yamcs Vulnerability Assessment
      15. 2023-10-12 - Prototype Pollution in NASAs Open MCT CVE-2023-45282
    2. Personal
      ❱
      1. 2024-12-29 - What a year 2024 has been - a brief summary
      2. 2024-09-17 - ChatGPT wrote a Rust program for me that generates an RSS feed from Markdown files
      3. 2024-09-16 - Navigating the Leap: My Journey from Software Engineering to Offensive Security
      4. 2024-01-17 - Getting a Black Belt in Wi-Fu - OSWP Review
      5. 2023-10-19 - My Journey to Finding My First 0day/CVE
      6. 2023-08-05 - How I Failed OSWA Exam
      7. 2023-01-12 - ADwalk: simple PowerShell script to enumate Active Directory
      8. 2022-12-20 - clif: simple command-line application fuzzer
      9. 2022-12-12 - nansi: simple tool for task automation
    3. Mid-career Transition to Infosec
      ❱
      1. 0x07 (2023-07-23)
      2. 0x06 (2023-03-19)
      3. 0x05 (2023-01-16)
      4. 0x04 (2022-09-01)
      5. 0x03 (2022-08-10)
      6. 0x02 (2022-04-27)
      7. 0x01 (2022-03-10)
  3. About
  4. Trophies
  5. Tools
  6. Exploits

Andy Codes

Exploits I've developped or controbited to

Karaf v4.4.3 Console RCE

[Exploit-DB] [GitHub]

OSGi v3.8-3.18 Console RCE

[Exploit-DB] [GitHub]

OSGi v3.7.2 Console RCE

[Exploit-DB] [GitHub]