Published in InfoSec Write-ups
Shellcodes are dead, long live Fileless Shellcodes
Execute shellcode from a remote-hosted bin file using Winhttp.
Mar 8, 2023

Published in InfoSec Write-ups
The more predictable you are, the less you get detected — hiding malicious shellcodes via Shannon…
Entropy is the measure of the randomness in a set of data (here: shellcode). The higher the entropy, the more random the data is.
Jul 22, 2022

Published in InfoSec Write-ups
Hunting for Prototype Pollution and it’s vulnerable code on JS libraries
It’s been months since I have released ppmap and it didn’t take much for the tool to be popular because of how crazy and trending Prototype…
Oct 11, 2021

Published in InfoSec Write-ups
Exploiting HTTP Request Smuggling (TE.CL)— XSS to website takeover
Even though HTTP Request Smuggling is documented back in 2005, it is still one of the least known Webapp vulnerabilities out there.
Mar 9, 2021

Published in InfoSec Write-ups
Evade AVs/EDR with Shellcode Injection
Gaining a foothold can be challenging, as AV and Defender make this step a little tougher, as modern Windows versions have put in place…
Feb 8, 2021

Published in InfoSec Write-ups
Content-Security-Policy Bypass to perform XSS
Summary
Dec 9, 2020

Published in InfoSec Write-ups
Bypassing WAF to do Error-Based SQL Injection
During penetration testing, I was faced with a website which in this article I will name http://domain.com
Oct 25, 2020

Published in InfoSec Write-ups
Leveraging LFI to RCE in a website with +20000 users
Hello researchers and bug hunters! Recently I found an interesting attack vector which I would like to share with you.
Oct 4, 2020

Published in InfoSec Write-ups
Increasing XSS impact using XSScope
Did you find XSS? Now it's time to GO BEYOND THE ALERT with XSScope…
Oct 2, 2020

Published in InfoSec Write-ups
CORS one liner command exploiter
To all Bug Hunters and Security Researchers, I made a Cheatsheet specifically for CORS misconfigurations. By simply copy-paste the…
Jun 8, 2020