
First Bounty
Chaining XSS, Massive PII Leaks, Custom Crypto Bypass and Excel injection via unsanitized spreadsheet export I finally got my hands on my first real web pentest recently (let’s call the target Com...

What is CVE-2024-21413? CVE-2024-21413 is a Microsoft Outlook vulnerability that allows attackers to bypass Outlook’s built-in security protections by abusing a specially crafted hyperlink known a...

Cap (Hack Lab) Recon First, I start with a quick full-port SYN scan to see what’s exposed, and it shows that only three services are alive: FTP, SSH, and HTTP. ┌─[✗]─[ocean@parrot]─[~/Desktop]...

CVE-Evil Cups I actually did this last year during a sharing session, and I just found it again while organizing my files. Thought I’d give it another try to see if I still remember it. So here I ...

Rev - Wisdom Initial Analysis We are given a 64-bit ELF binary that prompts the user for “wisdom” and validates the input. The binary is dynamically linked and unstripped, making revers...


This is a Windows-based keylogger that captures keystrokes and exfiltrates them to Discord via webhooks. The Anatomy of a Keylogger 1. Hiding // Hide console window void Stealth() { #ifdef invi...