Ole Aass

Ole Aass

Web Developer & Security Researcher

About Me

Web developer and security researcher from Norway, mostly focusing and specialized on server side development using PHP, but my skillset covers front end as well.

I also have experience with both offensive and defensive security, and posess the ability to both review code to find vulnerabilities, and to perform tests to exploit them. Mainly against web applications, but I have also played with binary exploitation.

When I have free time, I tend to spend it listening to music, watching movies and tv-shows, driving around to clear my head and being with friends and family.

Work Experience

Lead API Developer - The Future Group (2016 - 2017)

I am the lead developer of the API and wrote the in-house framework from scratch. I have also developed internal sites used to administer TV episodes, tournaments, etc using Laravel. In addition to this, I've helped setting up machines, local servers, and performed tests of security and some monitoring of external servers.

Researcher - SYN ACK Red Team (2015 - 2016)

As an independent penetration tester for SYN-ACK Red Team, my tasks was to test security in web applications.

Lead Developer - MowJow AS (2014 - 2015)

My main priorities was development and security. I developed a living algorithm and patched several vulnerabilities, both in the application and on the servers.

Lead Developer - Klopp AS (2010 - 2012)

I was lead developer, handled some support, did some project management and I was responsible for the application security

Projects

Snippets

Some handy PHP snippets to make my devlife easier

View more

Cuckoo

HVMC skeleton for the PhalconPHP framework

View more

Phalib

Custom PhalconPHP packages

View more

... view all

Videos

POP Chaining

In this video I show how POP chaining can be used to write arbitrary files to the web server. In this example I write a micro shell that allows remote command execution

Go to video

Shellshock reverse shell

This video show's how to exploit the shellshock vulnerability via the User-Agent header

Go to video

Boot2Root - SkyTower

Solving the SkyTower machine from VulnHub

Go to video

Boot2Root - Tr0ll 1

Solving the Tr0ll 1 machine from VulnHub

Go to video

More videos...