
kleiton0x7e
845 Followers
Published in InfoSec Write-ups

Jul 22, 2022

The more predictable you are, the less you get detected — hiding malicious shellcodes via Shannon encoding

The more predictable you are, the less you get detected. Recently I published a small PoC on GitHub about a way of hiding malicious shellcode in a PE by lowering its entropy. Entropy is the measure of the randomness in a set of data (here: shellcode). The higher the entropy, the more random the data is. Shannon Entropy is an algorithm…

Cybersecurity

7 min read


Published in InfoSec Write-ups

Oct 11, 2021

Hunting for Prototype Pollution and its vulnerable code in JS libraries

It’s been months since I released ppmap, and it didn’t take much for the tool to become popular because of how crazy and trending the Prototype Pollution vulnerability actually is. In this article I’m not going to introduce you to what Prototype Pollution is, since there are a lot of articles/videos…

Bug Bounty

5 min read


Published in InfoSec Write-ups

Mar 9, 2021

Exploiting HTTP Request Smuggling (TE.CL) — XSS to website takeover

Even though HTTP Request Smuggling was documented back in 2005, it is still one of the least-known web app vulnerabilities out there. After a little break I decided to hunt a private company (which is not eligible for Bug Bounty, but still accepting reports), and what I found might be…

Cybersecurity

5 min read


Published in InfoSec Write-ups

Feb 8, 2021

Evade EDR with Shellcode Injection and gain persistence using Registry Run Keys

Gaining a foothold in an internal network can be challenging, as AV and Defender make this a little tougher. Modern Windows versions have put in place some mitigations that prevent the shellcode from running properly. …

Cybersecurity

4 min read


Published in InfoSec Write-ups

Dec 9, 2020

Content-Security-Policy Bypass to perform XSS using MIME sniffing

Summary: Recently, I performed a Cross-Site Scripting vulnerability; however, a normal XSS payload wasn’t being triggered because CSP was blocking external JavaScript code (XSS) from being executed. …

Cybersecurity

5 min read


Published in InfoSec Write-ups

Oct 25, 2020

Bypassing WAF to do advanced Error-Based SQL Injection

During penetration testing, I faced a website which, in this article, I will refer to as http://domain.com. While browsing the website, I didn’t see a single parameter, even though the website was built with PHP. I quit browsing and started Google Dorking. Google Dorking to look for endpoints: using a simple dork inurl:http://domain.com …

Sql Injection

5 min read


Published in InfoSec Write-ups

Oct 4, 2020

Leveraging LFI to RCE in a website with +20000 users

Hello researchers and bug hunters! Recently I found an interesting attack vector which I would like to share with you. Without losing time, let’s jump into it. Finding the LFI vulnerability: let’s browse through the website to see if we can find any interesting endpoint. Clicking on Contact Us leads to an interesting endpoint: …

Bug Bounty

3 min read


Published in InfoSec Write-ups

Oct 2, 2020

Increasing XSS impact using XSScope

During Bug Hunting, everyone aims for triggering the “1” alert. However, if you want to escalate the impact of your XSS, now you can do this easily by using XSScope. What is XSScope? XSScope is an advanced XSS payload generator platform for Client-Side attacks, also with the aim of increasing…

Bug Bounty

3 min read


Published in InfoSec Write-ups

Jun 8, 2020

CORS one liner command exploiter

This is an extremely helpful and practical cheatsheet for Bug Hunters, which helps you find CORS misconfigurations in every possible method. Simply replace https://example.com with the URL you want to target. This will help you scan for CORS vulnerabilities without the need for an external tool. …

Cybersecurity

4 min read


Published in InfoSec Write-ups

May 28, 2020

Bypassing WAF to perform XSS

Recently I was hunting for some XSS and I came across a website (let’s call it website.com for privacy reasons) where it had an admin login form in the /admin directory. Instinctively, I tried entering random credentials to see what kind of response I would get.

Xss

4 min read

Red Team Operator | Bug Hunter