Posts by Category
- IoT Exploitation 8
- Certificates 6
- Vulnerability/CVE Analysis 5
- Defense Evasion 4
- General 4
- MacOS 4
- Vulnerability-CVE-Analysis 2
- Notes 2
- Exploit Development 1
IoT Exploitation
CVE-2021-42885: deviceMac Remote Command Injection
A detailed analysis of CVE-2021-42885, a deviceMac remote command injection vulnerability in the TOTOLINK EX1200T model.
CVE-2021-42890: Hostime Remote Command Injection
A detailed analysis of CVE-2021-42890, a remote command injection vulnerability that affects the TOTOLINK EX1200T model.
CVE-2021-42889: Access Points information leak
A detailed analysis of CVE-2021-42889, a vulnerability that leaks the Access Point information.
CVE-2021-42886: TOTOLINK EX1200T Information disclosure vulnerability
Analysis of CVE-2021-42886, an information disclosure vulnerability in the TOTOLINK EX1200T which leads to unauth...
CVE-2021-42888: TOTOLINK EX1200T Remote Command Injection
Analyzing a remote command injection in the TOTOLINK EX1200T device, known as CVE-2021-42888.
CVE-2021-42887: TOTOLINK EX1200T LOGIN BYPASS
A detailed analysis of a login bypass vulnerability that affects the TOTOLINK EX1200T device.
Research: Kill the Router with one request
Explaining an unknown vulnerability in `ZXHN H168N V3.5` to kill the device with one request.
Exploit Writing (KILLx108): Kill ZTE Router
Exploit for unknown vulnerability in `ZXHN H168N V3.5` to kill the device with one request.
Certificates
OSWP Review & Guide
My OSWP Review and Guide.
OSMR Journey & Guide
My OSMR Journey and Guide
OSED Journey & Guide
My OSED Journey and Guide
eCPPT: The Honest Review
Honest Review for the eCPPT Certificate
eMAPT & Mobile Apps/Sec Guide
Honest Review & Guide for eMAPT Certificate
eCPTX: The Honest Review
Honest Review & Guide for eCPTX Certificate
Vulnerability/CVE Analysis
CVE-2021-38294: Apache Storm Nimbus Command Injection
Command injection vulnerability that affects the Nimbus server in Apache Storm.
CVE-2021-44521: Apache Cassandra Remote Code Execution
Detailed analysis of Apache Cassandra CVE-2021-44521 Remote Code Execution & Sandbox/Security Bypass.
CVE-2021-45232: Apache APISIX Dashboard Unauthorized Access & Unauth-RCE
Detailed analysis of CVE-2021-45232, an unauthorized access vulnerability in Apache APISIX, & how it can be used to a...
Exploit Writing: CVE-2022-22733 Privilege Escalation & RCE
Writing an exploit for CVE-2022-22733: Apache ShardingSphere ElasticJob-UI.
CVE-2022-22733: Apache ShardingSphere ElasticJob-UI privilege escalation
Detailed analysis of CVE-2022-22733, a privilege escalation vulnerability through exposure of sensitive data.
Defense Evasion
Exploit Writing (N0Pspoof): Portspoof Evasion
Writing an exploit for Portspoof using C.
Research: Evading Portspoof Solution
Bypass the Portspoof solution by abusing its logic.
Bypass The Anti-Virus - Part 2: Common Misconfigurations, Techniques & Attacks
Common Misconfigurations, Techniques & Attacks to bypass Anti-Virus.
Bypass The Anti-Virus - Part 1: Introduction
Introduction to Anti-Virus software and how it works.
General
CVE Analysis: Hacking a Crypto Network for Profit
How analyzing a simple CVE led me to take over a crypto network.
Pentest: From Customer to Full Application Takeover
A story of chaining low-severity vulnerabilities to take over an application in a pentest project.
Introduction to IOCTL (Input/Output CONTROL)
An Introduction to Input Output CONTROL (IOCTL)
Homograph Attack: Abusing IDNs for Phishing
How to abuse IDNs for Phishing.
MacOS
Exploit Writing Part 2: CVE-2023-26818 MacOS TCC Bypass W/ telegram
In the second part of writing an exploit for CVE-2023-26818, we level up the exploit.
Exploit Writing Part 1: CVE-2023-26818 MacOS TCC Bypass W/ telegram
Writing a full exploit for CVE-2023-26818: MacOS TCC Bypass W/ telegram
CVE-2023-26818 Part 2 (Sandbox): MacOS TCC Bypass W/ telegram using DyLib Injection
In the 2nd part of the analysis of CVE-2023-26818, we discuss app sandboxing in MacOS and show how to bypass it. ...
CVE-2023-26818 Part1: MacOS TCC Bypass with telegram using DyLib Injection
In this analysis we discuss a vulnerability that exists in the Telegram app on MacOS, known as CVE-2023-26818.
Vulnerability-CVE-Analysis
CVE-2023-24815: Vert.x-Web Path Traversal Escape
A detailed analysis of a vulnerability discovered in `Vert.x-Web`, known as `CVE-2023-24815`.
CVE-2023-22809: Sudoedit Bypass - Analysis
A detailed analysis of CVE-2023-22809.
Notes
OSWP PlayBook: (Offensive Security Wireless Professional)
OSWP & Wireless Pentest Playbook
OSED Notes: (Offensive Security Exploit Developer)
OSED Notes and Guidelines