Open in app

Sign in

Medium Logo
Write

Sign in

kleiton0x7e
kleiton0x7e

1K followers

Home

About

InfoSec Write-ups

Published in

InfoSec Write-ups

Shellcodes are dead, long live Fileless Shellcodes

Execute shellcode from a remote-hosted bin file using Winhttp.

Mar 8, 2023
2
Shellcodes are dead, long live Fileless Shellcodes
Shellcodes are dead, long live Fileless Shellcodes
Mar 8, 2023
2
InfoSec Write-ups

Published in

InfoSec Write-ups

The more predictable you are, the less you get detected — hiding malicious shellcodes via Shannon…

Entropy is the measure of the randomness in a set of data (here: shellcode). The higher the entropy, the more random the data is.

Jul 22, 2022
The more predictable you are, the less you get detected — hiding malicious shellcodes via Shannon…
The more predictable you are, the less you get detected — hiding malicious shellcodes via Shannon…
Jul 22, 2022
InfoSec Write-ups

Published in

InfoSec Write-ups

Hunting for Prototype Pollution and it’s vulnerable code on JS libraries

It’s been months since I have released ppmap and it didn’t take much for the tool to be popular because of how crazy and trending Prototype…

Oct 11, 2021
Hunting for Prototype Pollution and it’s vulnerable code on JS libraries
Hunting for Prototype Pollution and it’s vulnerable code on JS libraries
Oct 11, 2021
InfoSec Write-ups

Published in

InfoSec Write-ups

Exploiting HTTP Request Smuggling (TE.CL)— XSS to website takeover

Even though HTTP Request Smuggling is documented back on 2005, it is still one of the least known Webapp vulnerability out there.

Mar 9, 2021
Exploiting HTTP Request Smuggling (TE.CL)— XSS to website takeover
Exploiting HTTP Request Smuggling (TE.CL)— XSS to website takeover
Mar 9, 2021
InfoSec Write-ups

Published in

InfoSec Write-ups

Evade AVs/EDR with Shellcode Injection

Gaining a foothold can be challenging, as AV and Defender makes this step a little tougher, as modern Windows version have put in place…

Feb 8, 2021
Evade AVs/EDR with Shellcode Injection
Evade AVs/EDR with Shellcode Injection
Feb 8, 2021
InfoSec Write-ups

Published in

InfoSec Write-ups

Content-Security-Policy Bypass to perform XSS

Summary

Dec 9, 2020
5
Content-Security-Policy Bypass to perform XSS
Content-Security-Policy Bypass to perform XSS
Dec 9, 2020
5
InfoSec Write-ups

Published in

InfoSec Write-ups

Bypassing WAF to do Error-Based SQL Injection

During penetration testing, I faced with a website which on this article I will name it as http://domain.com

Oct 25, 2020
2
Bypassing WAF to do Error-Based SQL Injection
Bypassing WAF to do Error-Based SQL Injection
Oct 25, 2020
2
InfoSec Write-ups

Published in

InfoSec Write-ups

Leveraging LFI to RCE in a website with +20000 users

Hello researchers and bug hunters! Recently I found an interesting attack vector which I would like to share with you.

Oct 4, 2020
2
Leveraging LFI to RCE in a website with +20000 users
Leveraging LFI to RCE in a website with +20000 users
Oct 4, 2020
2
InfoSec Write-ups

Published in

InfoSec Write-ups

Increasing XSS impact using XSScope

Did you find XSS? Now its time to GO BEYOND THE ALERT with XSScope…

Oct 2, 2020
1
Increasing XSS impact using XSScope
Increasing XSS impact using XSScope
Oct 2, 2020
1
InfoSec Write-ups

Published in

InfoSec Write-ups

CORS one liner command exploiter

To all Bug Hunters and Security Researcher, I made a Cheatsheet specifically for CORS missconfigurations. By simply copy-paste the…

Jun 8, 2020
1
CORS one liner command exploiter
CORS one liner command exploiter
Jun 8, 2020
1
kleiton0x7e

kleiton0x7e

1K followers

Red Team Operator | Bug Hunter

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech