kleiton0x7e in InfoSec Write-ups

Shellcodes are dead, long live Fileless Shellcodes
Execute shellcode from a remote-hosted bin file using Winhttp.
Mar 8, 2023

The more predictable you are, the less you get detected: hiding malicious shellcodes via Shannon entropy
Entropy is the measure of the randomness in a set of data (here: shellcode). The higher the entropy, the more random the data is.
Jul 22, 2022

Hunting for Prototype Pollution and its vulnerable code in JS libraries
It's been months since I released ppmap, and it didn't take much for the tool to become popular because of how crazy and trending Prototype...
Oct 11, 2021

Exploiting HTTP Request Smuggling (TE.CL): XSS to website takeover
Even though HTTP Request Smuggling has been documented since 2005, it is still one of the least known web application vulnerabilities out there.
Mar 9, 2021

Evade AVs/EDR with Shellcode Injection
Gaining a foothold can be challenging, as AV and Defender make this step a little tougher, since modern Windows versions have put in place...
Feb 8, 2021

Content-Security-Policy Bypass to perform XSS
Summary
Dec 9, 2020

Bypassing WAF to do Error-Based SQL Injection
During a penetration test, I faced a website which in this article I will refer to as http://domain.com
Oct 25, 2020

Leveraging LFI to RCE in a website with +20000 users
Hello researchers and bug hunters! Recently I found an interesting attack vector which I would like to share with you.
Oct 4, 2020

Increasing XSS impact using XSScope
Did you find XSS? Now it's time to GO BEYOND THE ALERT with XSScope...
Oct 2, 2020

CORS one-liner command exploiter
To all Bug Hunters and Security Researchers, I made a cheatsheet specifically for CORS misconfigurations. By simply copy-pasting the...
Jun 8, 2020