Advanced exploitation techniques, reverse engineering insights, and cutting-edge security research. From zero-day discovery to sophisticated exploit development.
In-depth technical analysis, vulnerability research, and exploit development insights.
This blog post contains a thorough analysis of Server Side Template Injection vulnerability in a commercial Managed File Transfer product named CrushFTP. Exploit script is available. The post covers the vulnerability, exploitation, and the underlying custom templating engine that led to the issue, with code and analysis.
This post analyzes the authentication bypass vulnerability in CrushFTP, including patch diffing, code analysis, and exploit methodology. It details the affected versions, the patch, and the logic flaw that allowed unauthenticated access, with code snippets and step-by-step breakdown.
This post explores two critical vulnerabilities in HPE Insight Remote Support: an unauthenticated XXE and a remote code execution flaw. It covers the technical details, exploitation process, and provides proof-of-concept code and analysis for both vulnerabilities.
Open-source tools, exploit frameworks, and research utilities for the security community.
Collection of proof‑of‑concept exploits for various CVEs and vulnerabilities.
Pwning notes: tutorials, examples & challenge solutions for binary exploitation.
A Python script to fetch, analyze, and report on Microsoft Security Updates (Patch Tuesday releases) from the MSRC API.