☕

xanhacks' infosec blog

xanhacks infosec blog, enjoy reading 📖 !

Home
About
Search

Categories

web

malware

box

others

2023

Race Condition, OAuth without state and redirection into XSS & RCE via HTML2PDF - PhantomFeed HTB University 2023

Featured image of post Race Condition, OAuth without state and redirection into XSS & RCE via HTML2PDF - PhantomFeed HTB University 2023

XSS, Race Condition, XS-Leaks and CSP & iframe's sandbox bypass - LakeCTF 2023 GeoGuessy

Featured image of post XSS, Race Condition, XS-Leaks and CSP & iframe's sandbox bypass - LakeCTF 2023 GeoGuessy

Nginx configuration bypass & Forging HTTP request - FCSC2023 Follow The Rabbit

Featured image of post Nginx configuration bypass & Forging HTTP request - FCSC2023 Follow The Rabbit

Abusing FindFirstFile to do PHP Session Hijacking - THCon23 Demo App

Featured image of post Abusing FindFirstFile to do PHP Session Hijacking - THCon23 Demo App

Server-Side Prototype Pollution on a WebSocket server - BreizhCTF Ariane Chat

Featured image of post Server-Side Prototype Pollution on a WebSocket server - BreizhCTF Ariane Chat

Exfiltration of secrets using an XS-Leaks - HackTM Secrets

Featured image of post Exfiltration of secrets using an XS-Leaks - HackTM Secrets

2022

MoqHao Android malware analysis and phishing campaign

Featured image of post MoqHao Android malware analysis and phishing campaign

Finding PHP Serialization Gadget Chain - DG'hAck Unserial killer

Featured image of post Finding PHP Serialization Gadget Chain - DG'hAck Unserial killer

EC2 / Root-Me - Writeup VM Escalate-Me

Featured image of post EC2 / Root-Me - Writeup VM Escalate-Me

Unicorn obfuscated powershell analysis

Featured image of post Unicorn obfuscated powershell analysis

Yogosha Christmas CTF Writeup

Featured image of post Yogosha Christmas CTF Writeup

2021

Infosec Memes

Find 0days in a random application on Github

Featured image of post Find 0days in a random application on Github