Deep dives into vulnerabilities, research findings, and offensive security techniques
Understanding firewall detection during post-exploitation is critical for mapping what controls traffic into and out of a compromised host. Learn how to identify iptables, nftables, firewalld, UFW, and more on compromised Linux systems using a custom detection script, shared publicly for the first time.
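As an added example (not the post's own script, and not the one it describes), the POSIX sh below shows the shape such a detector takes: it looks for the management binaries and configuration files each front end leaves on disk, then, separately, asks the tools themselves for live rule counts, because a present binary does not mean rules are enforced. The candidate paths are assumptions about common packaging, not an exhaustive list; the optional root-prefix argument exists so the presence check can be exercised against a constructed directory tree.

```shell
#!/bin/sh
# Added example: host firewall enumeration for Linux post-exploitation.
# Not the script from the post; path lists are assumed common locations.

# detect_firewalls [ROOT]
# Prints the names of firewall front ends whose binaries or config files
# exist under ROOT (empty ROOT means the live host). Presence only.
detect_firewalls() {
    root="${1:-}"
    result=""
    # One line per tool: label, then candidate paths (binaries or configs).
    while read -r label paths; do
        for p in $paths; do
            if [ -e "$root$p" ]; then
                result="$result $label"
                break
            fi
        done
    done <<EOF
iptables /usr/sbin/iptables /sbin/iptables /etc/iptables/rules.v4
nftables /usr/sbin/nft /sbin/nft /etc/nftables.conf
firewalld /usr/bin/firewall-cmd /etc/firewalld/firewalld.conf
ufw /usr/sbin/ufw /etc/ufw/ufw.conf
EOF
    printf '%s\n' "${result# }"
}

# live_rule_counts
# Presence is not enforcement: when running as root, query each tool for
# its current state so an empty ruleset is not mistaken for a filter.
# Uses only the tools' standard subcommands; output is informational.
live_rule_counts() {
    if [ "$(id -u)" != 0 ]; then
        echo "not root; skipping live rule check"
        return 0
    fi
    if command -v nft >/dev/null 2>&1; then
        echo "nft ruleset lines: $(nft list ruleset 2>/dev/null | grep -c .)"
    fi
    if command -v iptables >/dev/null 2>&1; then
        # -S prints policy lines (-P) and rules (-A); count only the rules
        echo "iptables rules: $(iptables -S 2>/dev/null | grep -vc '^-P')"
    fi
    if command -v firewall-cmd >/dev/null 2>&1; then
        echo "firewalld: $(firewall-cmd --state 2>/dev/null || echo not-running)"
    fi
    if command -v ufw >/dev/null 2>&1; then
        echo "ufw: $(ufw status 2>/dev/null | head -n 1)"
    fi
    return 0
}

# Stand-alone run against the live host (FW_ROOT overrides the prefix).
echo "present: $(detect_firewalls "${FW_ROOT:-}")"
live_rule_counts
```

Run it as the user you landed as first; the presence list needs no privileges, and the live counts only become meaningful once you have root. On distributions where iptables is a thin wrapper over nftables (iptables-nft), expect both labels in the presence list and the nft ruleset to be the authoritative view.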
Continuing the post-exploitation series with lateral movement and pivoting techniques: Living Off The Land (LOTL), SSH tunneling (local and remote port forwarding), reuse of harvested SSH keys, and SOCKS proxying with proxychains to reach internal networks.
A shell is just a foothold. This series walks through privilege escalation techniques on Linux/Unix systems, including SUID binary exploitation, kernel vulnerabilities such as Dirty COW (CVE-2016-5195), and sudo misconfigurations. Learn how attackers turn limited access into root.
Critical unauthenticated remote code execution vulnerability in React Server Components and Next.js. Discover how prototype pollution, promise confusion, and unsafe deserialization chain into an RCE primitive affecting hundreds of thousands of exposed instances.
A reflection on how the underground hacking scene has evolved from exclusive information-trading networks to public repositories, exploring what was gained and what was lost in the shift from private channels to open-source knowledge sharing.
Discovered a production GraphQL endpoint with introspection enabled, exposing the entire API schema. Learn how API reconnaissance through introspection can lead to sensitive data disclosure and other attacks, using Gsec and Burp Suite.
Critical vulnerability in XWiki's SolrSearch macro allowing unauthenticated remote code execution. Learn how a single HTTP GET request can compromise an entire XWiki instance through Groovy template injection.
From version detection to reverse shell: exploiting critical vulnerabilities in Mirth Connect. Deep dive into the CVE-2023-43208 authentication bypass and exploitation techniques against healthcare systems.
Discovered a Jenkins server whose script console was reachable without authentication. Learn how to execute commands, extract AWS instance metadata, and establish reverse shells through Groovy script execution.
Deep dive into how I discovered a CORS misconfiguration in Chime. Learn the methodology, the exploitation technique, and how to build a working PoC for an information disclosure attack.
Discovered a critical vulnerability where the HTTP PURGE method was accessible without authentication, allowing attackers to evict cached content at will and cause severe performance degradation or a denial of service against the origin.