Pinned: From SVG and back, yet another mutation XSS via namespace confusion for DOMPurify < 2.2.2 bypass (Nov 11, 2020). For those who are only interested in the final payload here you go (I won’t judge). For the ones interested in why it works, please bear…

Reversing a Magento RCE (CVE-2022-24086) (Jun 27). NOTE: This post has been sitting in my drafts forever and I don’t remember why I never published it before 🤣. The vulnerability addressed…

Leaking Microsoft Defender’s exclusions using a timing oracle (Feb 11). Around January 2022, the fact that unprivileged users were able to enumerate Microsoft Defender’s exclusion rules gained notoriety. A…

Capturing the flag with ChatGPT: solving DiceCTF 2023 rev/time-travel (Feb 7, 2023). I was recently invited to play the latest edition of DiceCTF. It was a last-minute invite, so I just played the last two hours of the…

Bypassing Defender’s self-protect mechanism (Feb 17, 2022). I recently started working as a Red Team lead, and figuring out ways to bypass antivirus engines became a regular thing. I am a huge fan of…

Published in Techiepedia: The tale of CVE-2021-34479 (VSCode XSS) (Nov 17, 2021). This April, I finally decided to take some time to study the Electron framework and the security considerations around it. After learning…

Published in Techiepedia: How I found my first Chrome bug (CVE-2021-21210) (Jun 28, 2021). On October 31, 2020, @SamyKamkar published his research on NAT Slipstreaming. According to his own words, NAT Slipstreaming —

Cracking Rolling Code Locks the lazy way (Jan 1, 2021). I took some of my Christmas break time to solve as many challenges as I could in HackerOne’s CTF. Out of the remaining challenges I still…