For those who are only interested in the final payload here you go (I won’t judge). For the ones interested in why it works, please bear with me.

Snippet 1: final payload

First of all, I would like to point out that this article and the bypass described here are…


What is CodeQL

Some months ago I was introduced to CodeQL by scrolling through my Twitter feed and I have been in love with it ever since. As the name suggests, CodeQL is a query language. However, instead of querying entity records in a database, you query a code repository for interesting patterns. …


On October 31, 2020, @SamyKamkar published his research on NAT Slipstreaming. According to his own words, NAT Slipstreaming —

… allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim’s NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website.

I…


I took some of my Christmas break time to solve as many challenges as I could in HackerOne’s CTF. Among the remaining challenges I still had to solve, there were a couple named Model E1337 — Rolling Code Lock and Model E1337 v2 — Hardened Rolling Code Lock…


On November 4th BugPoc published a new challenge on their official Twitter account. The challenge objective was simple: using Google Chrome, find an XSS vulnerability and pop up a message box by calling alert(origin).

First steps

Navigating to the challenge page hosted at https://wacky.buggywebsite.com/, the challenger was given a “simple” single input page…


In my last post, I described how it is (was?) possible to use the OpenVAS Download an EXE package for Microsoft Windows feature to extract usernames and passwords stored as credentials in the open-source vulnerability scanner. …


A couple of weeks ago I helped a friend with a penetration test for a company that used the OpenVAS vulnerability scanner (https://www.openvas.org/). OpenVAS, like most vulnerability scanners, uses pre-configured credentials in order to perform its scans. Getting your hands on one of these credentials during a pentest usually means…


During times of pandemic one needs to find interesting things to keep one’s mind sharp. Because of that, I decided to conduct a security assessment on my home wifi router. After working for a week I could find some stored XSS (CVEs pending) in the router’s web UI, but that…

Daniel Santos

Security researcher and penetration tester
