Disclaimer

Introduction Hi again! I’m back once more with a new Red Team engagement snippet that delves deeper into the firmware and combines Black Box testing without source code, credentials, or even any information about the assets to simulate the malicious outsider actor (Black Hat), then turns it into a White Box…

Introduction For now, as we explained before we can retrieve files from the Emscripten virtual memory filesystem — which I mentioned in the PyScriptJS cheat sheets — and now I’m thinking why not try chaining vulnerabilities to raise the possible security impact, who knows maybe in the near future we can…

Introduction Hi Infosec community, It’s been a long time since I wrote a blog. I’m back again with a new technique used by Red Teamers to get initial access to the infrastructure without requiring any user interaction. Before we start, this is a research I made in wkhtmlTOpdf 0.12.6 library and…

Introduction When working with any programing or scripting language you might ask your self is this language could be used for “hacking”, this question in the beginning could be very superficial but let’s take it real. I do love PHP a lot to be honest, I’m using it in everything, in…