
Cache Deception on my new site!
A fun story about discovering my site was vulnerable to Cache Deception: if I visited an attacker's link, all hidden blog posts would leak to them, thanks to URL-decoding and Path Traversals that confuse cache rules

PwnedDoc: Hacking a Reporting Tool
Finding 5 CVEs in the PwnDoc pentest reporting tool, angular-expressions and docx-templater. This includes multiple 1-click Remote Code Execution vulnerabilities by escaping the JavaScript sandbox in the templating engine.

Cracking an online Password Encryption tool
How I recovered a friend's password by reverse engineering an online encryption service, and brute forcing a PIN locally. Learn about AES and black-box discovery, as well as some attacks

How I got a Shodan Favicon Hash = 1337
Analysis of the Shodan hashing algorithm for favicons to brute force and pre-image any hash. With a caching trick to reduce the required computation a ton, packed into a new CLI tool to do the same in seconds

Part 2: The New LiveOverflow Minecraft Hacking Server
Part 2 of the LiveOverflow Minecraft Server series. Search for the new server, crack base coordinates from bedrock formations, and teleport through walls!

Reflected XSS on my own site!
A short post about an interesting Reflected Cross-Site Scripting (XSS) vulnerability in this very site, which was not exploitable due to Content Security Policy

Playing on the LiveOverflow Minecraft Hacking Server
Finding, then playing and learning Game Hacking on the Minecraft server from LiveOverflow's "Minecraft HACKED" series on YouTube. Learn about port scanning quickly, Fabric modding, and general Game Hacking

Getting RCE on a Brute Forcing Assignment
The story and walkthrough of how I got Remote Code Execution on a school assignment meant to teach Brute Forcing

Introduction to Reverse Engineering (with Ghidra)
A very basic introduction to Reverse Engineering using Ghidra. Contains looking at strings, decompiling to C code, and patching instructions.