2025
Mar 12
Chaining SSRF and SSTI to achieve pre-auth RCE in [Target]
Combining SSRF and Jinja2 template injection to achieve unauthenticated remote code execution. Full PoC included.
Web, RCE
→
2025
Feb 27
Reversing an obfuscated Android APK: from packed dex to plaintext secrets
Unpacking a multi-stage packer, defeating string encryption, and recovering hardcoded credentials from a banking app.
Rev Eng
→
2025
Feb 10
HackTheBox — Phantom: heap overflow → arbitrary write → root
Off-by-one in a custom allocator. House-of-spirit exploitation. SUID binary privilege escalation.
CTF, Pwn
→
2025
Jan 18
GraphQL introspection is not your enemy — your schema is
Batching attacks, nested query DoS, and IDOR through insecure resolvers. Why disabling introspection is security theatre.
Web
→
2024
Dec 05
pwn.college — Shellcode injection on NX+ASLR binary
Crafting position-independent shellcode and bypassing ASLR using format string leaks to obtain libc base address.
CTF, Rev Eng
→
2024
Nov 12
CVE-2020-13639 — Full Disclosure & Analysis
Responsible disclosure walkthrough and deep-dive analysis of CVE-2020-13639.
Web, CVE
→