Bug Bounty Hunting Tip #1- Always read the Source Code

This is a place to share my miscellaneous projects. - SinaKarvandi/Misc

A Red Team exercise on exploiting design decisions on GCP.

:cherry_blossom: Interactive shellcoding environment to easily craft shellcodes - merrychap/shellen

Click to read the article on phrack

In this blog post I will discuss leveraging Meterpreter’s powershell module to execute .NET assemblies in-memory. Metasploit and Meterpreter are effective and useful tools, but occasionally one encounters a situation where they lack features. Cobalt Strike…

Hijacking Malwarebytes via COM IPC Attacking K7 Security was my first attempt at discovering, analysing, and exploiting software at the protocol level. It made me curious as to how other vendors designed and developed their inter-process communication (IPC)…

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication - kgretzky/evilginx2

Hi everyone, today I will talk about an interesting account takeover flaw which I found around a year back. The root cause of this issue…

PHP: mime types (array format). GitHub Gist: instantly share code, notes, and snippets.

This article discloses exploitation of CVE-2019-18683, which refers to multiple five-year-old race conditions in the V4L2 subsystem of the Linux kernel. I found and fixed them at the end of 2019. Here I'm going to describe a PoC exploit for x86_64 that gains…