Avatar ☕

xanhacks' infosec blog

xanhacks infosec blog, enjoy reading 📖 !

  1. Created with Fabric.js 3.5.0
  1. Home
  2. About
  3. Search
    1. Dark Mode

Archives

2025 1
2023 6
2022 5
2021 2

Categories

Web Malware Box Others

Tags

Web Ctf Code Analysis Flask Malware Php Privesc Race Condition Reverse Xs-Leaks
Featured image of post Server-Side Prototype Pollution on a WebSocket server - BreizhCTF Ariane Chat
Web

Server-Side Prototype Pollution on a WebSocket server - BreizhCTF Ariane Chat

Use a Server-Side Prototype Pollution to get an admin account on a Socket.IO chat server. Writeup of the Ariane Chat challenge of the BreizhCTF 2023.

Mar 21, 2023
10 minute read
Featured image of post Exfiltration of secrets using an XS-Leaks - HackTM Secrets
Web

Exfiltration of secrets using an XS-Leaks - HackTM Secrets

Exfiltrate the note from the bot using an XS-Leaks technique called 'Cross-Origin Redirects and CSP Violations'

Feb 19, 2023
5 minute read
Featured image of post Finding PHP Serialization Gadget Chain - DG'hAck Unserial killer
Web

Finding PHP Serialization Gadget Chain - DG'hAck Unserial killer

Write up of the challenge 'Unserial killer' of the DG'hAck 2022 which involves finding a PHP serialization gadget chain inside PHP libraries.

Aug 11, 2022
12 minute read
Featured image of post MoqHao Android malware analysis and phishing campaign
Malware

MoqHao Android malware analysis and phishing campaign

Technical analysis of the MoqHao (a.k.a RoamingMantis) Android malware and phishing campaign

Aug 11, 2022
19 minute read
Featured image of post EC2 / Root-Me - Writeup VM Escalate-Me
Box

EC2 / Root-Me - Writeup VM Escalate-Me

Writeup of the machine Escalate-Me made by Root-Me for the EC2 CTF

Jun 14, 2022
8 minute read
1 2 3
© 2020 - 2025 xanhacks' infosec blog
Built with Hugo
Theme Stack designed by Jimmy