posts
-
What Are My OPTIONS? CyberPanel v2.3.6 pre-auth RCE
A few months ago I was assigned to do a pentest on a target running CyberPanel. It seemed to be installed by default by some VPS providers & it was also sponsored by Freshworks.
-
VLang Template Injection, Lazy Loading Iframes, SS-leaks - BRICS+ CTF Quals
This weekend I participated in BRICS+ CTF Qualifications, organized by C4T BuT S4D alongside other members of Friendly Maltese Citizens team where we managed to qualify for the finals 🎉.
-
SCC2024 CTF Quals - Author Writeup
This year, I was asked to write some Web challenges for the Serbian Cybersecurity Challenge Qualifications - it was a really fun experience hosting a CTF after a long time :)
-
Nullcon HackIM CTF 2023 Web Writeups
Last week, I participated in the Nullcon HackIM CTF 2023 with 1/0 (formerly team zh3r0).
-
Taking Over an Entire Organization - A Journey Through Multiple Bugs [Collab w/@Hacktus]
This was a collaboration blog post, feel free to give it a read at Hacktus’s blog :)
-
Notes on (in)secure Java Deserialization
The goal of this writeup is to give a quick walkthrough of practical scenarios of Deserialization vulnerabilities that arise in many programming languages, specifically Java in our case, and how we can go from using a simple pre-built gadget chain to writing our own custom gadget chains and eventually gaining code execution on a target server.
-
Intigriti-0722 July XSS Challenge Writeup
The Intigriti July XSS challenge was a great challenge created by antonvroemans which included a quite funny bug de-escalation from an SQL injection to an XSS with a CSP bypass. Leaving that aside, it was a great chance to practice skills in multiple attack vectors and improve.
-
CVE-2021-32172 - Maian Cart RCE
This issue was found back in around November 2020 by me and my friend who would rather not come out publicly with his name, so let’s call him purpl3 (his wish :D).