Quentin Kaiser

@qkaiser@infosec.exchange
Offensive security / vulnerability finder. security researcher @onekey_sec / @konkretesec founder / @ecoswtf initiator
Blog: http://quentinkaiser.be
Ended my 4-year blogging hiatus with a tutorial on modding the latest Tapo C200 firmware to get root. No vuln but some hardware/firmware hacking stuff and some notes about TP-Link and engineering resources allocations. https://quentinkaiser.be/security/2025/07/25/rooting-tapo-c200/
Rooting the TP-Link Tapo C200 Rev.5

Let’s explore ways to mod a Tapo C200 Rev.5 firmware in order to gain root access to a running device.

QTNKSR

Embargo lifted. We automatically identified issues affecting Viasat satellite modems that could be exploited for RCE.

https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6198

Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6198) | ONEKEY Research | Research | ONEKEY

Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Viasat modems. Learn about the risks and recommended actions.

I’ll be at FOSDEM the whole day this Sunday, probably between kernel, python, and SBOM dev rooms. Reach out if you wanna chat :)

unblob version 23.10.31 🎃 is out! Includes many improvements for spoOoky file formats like CPIO, tar v7, and truncated FAT images. We also support Python 3.12 so Arch users are not left behind.

Release notes: https://github.com/onekey-sec/unblob/releases/23.10.31
#python #firmware #reverseengineering

Release 23.10.31 · onekey-sec/unblob

What's Changed fix(extractor): improve post-extraction permission fixing. by @qkaiser in #646 Enhance FileSystem class by @e3krisztian in #642 handle a potential race condition when deleting log f...

GitHub
Xortigate, or CVE-2023-27997 - The Rumoured RCE That Was

When Lexfo Security teased a critical pre-authentication RCE bug in FortiGate devices on Saturday 10th, many people speculated on the practical impact of the bug. Would this be a true, sky-is-falling level vulnerability like the recent CVE-2022-42475? Or was it some edge-case hole, requiring some unusual and exotic requisite before

watchTowr Labs - Blog
We at WISP just got an amazing scholarship from OffensiveCon in Berlin! We are giving out 5 @wisporg + @offensive_con scholarships with travel, con, and training covered! All are welcome to apply. The application is now open. The deadline to apply is March 1: https://forms.gle/wLaXkDKz3LcBKfs39
WISP - OffensiveCon Berlin Scholarship Application 2023

Thank you for your interest in being a WISP scholar at OffensiveCon! We're very excited to be able to partner with OffensiveCon to make this possible again. The deadline for this application is March 1, 2023. OffensiveCon is an international, highly technical, offensive security conference happening in Germany on May 19-20, 2023, with training before and after on May 15-18, 2023 and May 22-25, 2023. OffensiveCon will cover $2,500 EUR worth of travel expenses that can include: economy flights, ride share, meals en route, and travel health insurance (if needed). Once at the conference, all costs are pre-covered including food, hotel room, and conference ticket + training ticket cost. Scholars will need to submit travel expense receipts to OffensiveCon and the conference will pay back via PayPal to the scholar. Scholars will be reimbursed closer to conference time, not given the money up front by OffensiveCon. This may not be a match for all individual financial situations -- please do read this carefully and apply only if you are able to cover the travel costs and wait for reimbursement from OffensiveCon closer to the conference. 5 scholars will be selected and the contact details provided below will be shared with OffensiveCon to coordinate scholarship travel and reimbursement. Please only share an email address below that you are comfortable with OffensiveCon emailing you back on, should you be selected as a scholar. Hear from a 2021 OffensiveCon WISP Scholar: Juliette, here: https://www.wisporg.com/blog-posts/2022/3/3/qampa-with-wisp-offensivecon-scholar-juliette Privacy Policy: https://www.wisporg.com/privacy

Google Docs
Launching calc with binwalk 🙃
Don’t binwalk files from random strangers on the Internet - https://onekey.com/blog/security-advisory-remote-command-execution-in-binwalk/
Security Advisory: Remote Command Execution in binwalk

Learn about the security vulnerability in binwalk v2.1.2b-2.3.2 !

ONEKEY
Severity score is medium due to the fact that an operator must do an export since the last reboot for it to be available. My take is that these devices run in industrial settings so highly unlikely to be rebooted at any time, increasing likelihood of export files to be present.
Here’s our write up on a vuln affecting WAGO industrial controllers. You don’t need leet hacking techniques when they just comment the authentication/authorisation part. https://onekey.com/blog/security-advisory-wago-unauthenticated-config-export-vulnerability/
🚨 WAGO Alert: Unauthorized Configuration Exports Discovered 🔒 Learn How to Keep Your Industrial Controllers Safe 👉

ONEKEY identified an unauthenticated configuration export in industrial controllers from WAGO. Read the latest Security Advisory here 👉

ONEKEY