Blog

Security research, exploit development, and technical write-ups covering various aspects of offensive security and penetration testing.

XSS to Account Takeover & Data Exfiltration

Web Security, XSS, Account Takeover, CSRF, Session Riding, Data Exfiltration, Vulnerability Research

In this article, I'll walk through a real-world example of how a seemingly innocent XSS vulnerability was leveraged to achieve full account takeover and sensitive data exfiltration....


VirtualProtect DEP Bypass: Step-By-Step Exploit

Exploit Development, VulnServer, DEP Bypass, ROP, Buffer Overflow, Windows Exploitation

So what happens when you try to execute shellcode in a classic buffer overflow? DEP detects code execution from a writable memory area and shuts everything down. Game over.


Finding and Exploiting CVE-2023-0830 in EasyNAS

Vulnerability Research, Command Injection, CVE, EasyNAS, Exploit Development, Privilege Escalation

In this post, I'll show you how I found this vulnerability using Burp Suite and walk through the exploitation process. I'll also show the vulnerable code and explain what makes this such a dangerous...
