Web

Cache Deception on my new site!

A fun story about discovering my site was vulnerable to Cache Deception, allowing the visit of a link by me to leak all hidden blog posts to an attacker, thanks to URL-decoding and Path Traversals to confuse cache rules

External

PwnedDoc: Hacking a Reporting Tool

Finding 5 CVEs in the PwnDoc pentest reporting tool, angular-expressions and docx-templater. This includes multiple 1-click Remote Code Execution vulnerabilities by escaping the JavaScript sandbox in the templating engine.

Web Reversing Scripting Crypto

Cracking an online Password Encryption tool

How I recovered a friend's password by reverse engineering an online encryption service, and brute forcing a PIN locally. Learn about AES and black-box discovery, as well as some attacks

Web Scripting Encoding Crypto

How I got a Shodan Favicon Hash = 1337

Analysis of the Shodan hashing algorithm for favicons to brute force and pre-image any hash. With a caching trick to reduce the required computation a ton, packed into a new CLI tool to do the same in seconds

Reversing Crypto Game Hacking OSINT

Part 2: The New LiveOverflow Minecraft Hacking Server

Part 2 of the LiveOverflow Minecraft Server series. Search for the new server, crack base coordinates from bedrock formations, and teleport through walls!

Web XSS

Reflected XSS on my own site!

A short post about an interesting Reflected Cross-Site Scripting (XSS) vulnerability in this very site, but was not exploitable due to Content Security Policy

Scripting Game Hacking OSINT

Playing on the LiveOverflow Minecraft Hacking Server

Finding, and then Playing and learning Game Hacking on a Minecraft server made by LiveOverflow's "Minecraft HACKED" series on YouTube. Learn about port scanning quickly, Fabric modding, and general Game Hacking

Scripting RCE Filter Bypass

Getting RCE on a Brute Forcing Assignment

The story and walkthrough of how I got Remote Code Execution on a school assignment meant to teach Brute Forcing

Reversing

Introduction to Reverse Engineering (with Ghidra)

A very basic introduction to Reverse Engineering using Ghidra. Contains looking at strings, decompiling to C code, and patching instructions.