Spaceraccoon's Blog
InfoSec and White Hat Hacking
2022
Aug 18
You Have One New Appwntment: Exploiting iCalendar Properties in Enterprise Applications
desktop
red team
web
ios
android
Jun 18
Embedding Payloads and Bypassing Controls in Microsoft InfoPath
desktop
red team
Feb 3
Solving DOM XSS Puzzles
web
code review
2021
Dec 31
2Q21: New Year's Reflections
writing
Nov 26
The InfoSecurity Challenge 2021 Full Writeup: Battle Royale for $30k
desktop
binary
reverse engineering
dev
code review
web
android
api
red team
Oct 22
All Your (d)Base Are Belong To Us, Part 2: Code Execution in Microsoft Office (CVE-2021-38646)
desktop
binary
reverse engineering
fuzzing
Sep 29
All Your (d)Base Are Belong To Us, Part 1: Code Execution in Apache OpenOffice (CVE-2021-33035)
desktop
binary
reverse engineering
fuzzing
code review
Sep 17
Down the Rabbit Hole: Unusual Applications of OpenAI in Cybersecurity Tooling
dev
ai
code review
reverse engineering
Jun 23
ROP and Roll: EXP-301 Offensive Security Exploit Developer (OSED) Review and Exam
training
binary
May 22
Life's a Peach (Fuzzer): How to Build and Use GitLab's Open-Source Protocol Fuzzer
fuzzing
binary
Mar 11
Offensive Security Experienced Penetration Tester (OSEP) Review and Exam
training
red team
Feb 2
Applying Offensive Reverse Engineering to Facebook Gameroom
desktop
reverse engineering
2020
Dec 23
Supply Chain Pollution: Hunting a 16 Million Download/Week npm Package Vulnerability for a CTF Challenge
web
code review
Dec 3
Imposter Alert: Extracting and Reversing Metasploit Payloads (Flare-On 2020 Challenge 7)
binary
reverse engineering
Sep 18
Beat The Clock: The CSIT InfoSecurity Challenge
binary
reverse engineering
Aug 14
Open Sesame: Escalating Open Redirect to RCE with Electron Code Review
desktop
code review
reverse engineering
May 15
Closing the Loop: Practical Attacks and Defences for GraphQL APIs
web
api
Apr 5
Same Same But Different: Discovering SQL Injections Incrementally with Isomorphic SQL Statements
web
Feb 18
A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell
web
Jan 12
Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2
web
2019
Dec 29
Low-Hanging Apples: Hunting Credentials and Secrets in iOS Apps
ios
Dec 15
From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13
ios