Hello, I'm Michael

Genmitsu Sainsmart 3018 PROver CNC debugging

Posted on February 5, 2022

I recently purchased a Genmitsu Sainsmart 3018 PROver CNC machine, with a GRBL v1.1 control board. I’ve spent more time then I’d care to admit on simple, silly things. So I’ll be documenting them here for my posterity. Hopefully this can help you on your CNC journey. [Read More]

Privilege Escalation Exploits in Cobbler's API

Posted on August 2, 2018

TL;DR: There are several privilege escalation vulnerabilities in Cobbler’s XMLRPC API. There are also many endpoints that are not validating the auth tokens passed to them. As a result, the API is effectively unauthenticated. Consider using a firewall to restrict access to the /cobbler_api endpoint. [Read More]

README badges are vulnerabilities

Posted on June 22, 2018

TL;DR: Badges are not magic. They are just image hotlinks, and therefore you need to be able to trust the third party who serves them. [Read More]

Building Bots to mend Broken Badges (or how to get your GitHub account suspended)

Posted on March 8, 2018

TL;DR: Many badges were broken since they were using the shuttered pypip.in site. I wrote a bot that could fix these and automatically submit pull requests with the changes. And then I had my GitHub account suspended. Do not make automatic unsolicited pull requests. [Read More]