TLS is a trustworthy channel. Surely we can’t use it to distribute malware. In this episode, we’ll be writing a custom TLS client and a server ! We will hide the shellcode in places TLS RFC ( rf...

2023 Ağustos ayında Tesla Model Y aracımı sıfır olarak aldım ve 2025 Şubat ayında sattım. 31bin KM yol yaptım. Bu blogpostta, bu araç ile olan deneyimimi sizlere aktarmak istiyorum. Tesla Model Y v...

Purpose of this series No, harm to anyone unethical things exfil of data bypassing rate limits or hardcore scraping We try to use hacker mentality anywhere possible. Win small things in...

In this episode, we will investigate CVE-2022-26134 of Atlassian Confluence. A preauth OGNL injection leading to Remote Code Execution. CVE-2022-26134 Details and information gathering Advisorie...

In this series of blogposts I will patch diff, analyze and craft exploits for old CVEs. CVE-2021-26084 Details and Information Gathering nist - CVE-2021-26084 In affected versions of Conflue...

In this series of blog posts we’ll explore exotic ways of hiding shellcode. “Years of solving stego challenges, had to pay” Part 1: Icons Our main goal is bypassing anti-viruses. We ideall...

I did my internship at STM this summer. During my internship, I prepared the Web category for STMCTF2021 with 4 challenges. In this blogpost, I will go over them. Hope you enjoyed it ! BountyP...

Prototype pollution is a very simple vulnerability yet tricky to find. In this blog post, I will try to explain prototype pollution, how it occurs and how should we search to find one. What is Pro...

This lab had 3 Windows end-user computers, 1 Netscaler FreeBSD server, 1 Citrix Windows server and 1 Domain Controller. Initial access was based on social engineering and phishing attacks, followed...

OpenAdmin HackTheBox üzerinde 20 puanlık ve “Kolay” olarak oylanmış bir makine. Makine üzerinde Uzaktan Kod Çalıştırmaya zafiyetli bir uygulama çalışıyor. Makinenin lokalinde çalışan farklı bir web...