←
Home
Archive
Tags
About
Subscribe
Spaceraccoon's Blog
InfoSec and White Hat Hacking
2023
Oct 31
Hacking HP Display Monitors via Monitor Control Command Set (CVE-2023-5449)
binary
desktop
reverse engineering
hardware
Oct 7
Passing the New OSEE Exam After Forgetting Everything
reverse engineering
binary
exploit
Apr 8
Rule Writing for CodeQL and Semgrep
dev
code review
2022
Dec 17
I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS
web
code review
Sep 19
Challendar: Creating a Challenge for The Infosecurity Challenge 2022
dev
web
code review
Aug 29
Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrl
cloud
web
code review
Aug 18
You Have One New Appwntment: Exploiting iCalendar Properties in Enterprise Applications
desktop
red team
web
ios
android
Jun 18
Embedding Payloads and Bypassing Controls in Microsoft InfoPath
desktop
red team
Feb 3
Solving DOM XSS Puzzles
web
code review
2021
Dec 31
2Q21: New Year's Reflections
writing
Nov 26
The InfoSecurity Challenge 2021 Full Writeup: Battle Royale for $30k
desktop
binary
reverse engineering
dev
code review
web
android
api
red team
Oct 22
All Your (d)Base Are Belong To Us, Part 2: Code Execution in Microsoft Office (CVE-2021-38646)
desktop
binary
reverse engineering
fuzzing
Sep 29
All Your (d)Base Are Belong To Us, Part 1: Code Execution in Apache OpenOffice (CVE-2021-33035)
desktop
binary
reverse engineering
fuzzing
code review
Sep 17
Down the Rabbit Hole: Unusual Applications of OpenAI in Cybersecurity Tooling
dev
ai
code review
reverse engineering
Jun 23
ROP and Roll: EXP-301 Offensive Security Exploit Developer (OSED) Review and Exam
training
binary
May 22
Life's a Peach (Fuzzer): How to Build and Use GitLab's Open-Source Protocol Fuzzer
fuzzing
binary
Mar 11
Offensive Security Experienced Penetration Tester (OSEP) Review and Exam
training
red team
Feb 2
Applying Offensive Reverse Engineering to Facebook Gameroom
desktop
reverse engineering
2020
Dec 23
Supply Chain Pollution: Hunting a 16 Million Download/Week npm Package Vulnerability for a CTF Challenge
web
code review
Dec 3
Imposter Alert: Extracting and Reversing Metasploit Payloads (Flare-On 2020 Challenge 7)
binary
reverse engineering
Sep 18
Beat The Clock: The CSIT InfoSecurity Challenge
binary
reverse engineering
Aug 14
Open Sesame: Escalating Open Redirect to RCE with Electron Code Review
desktop
code review
reverse engineering
May 15
Closing the Loop: Practical Attacks and Defences for GraphQL APIs
web
api
Apr 5
Same Same But Different: Discovering SQL Injections Incrementally with Isomorphic SQL Statements
web
Feb 18
A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell
web
Jan 12
Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2
web
2019
Dec 29
Low-Hanging Apples: Hunting Credentials and Secrets in iOS Apps
ios
Dec 15
From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13
ios
