Spaceraccoon's Blog

InfoSec and White Hat Hacking

2024

Jul 7

Universal Code Execution by Chaining Messages in Browser Extensions

web desktop reverse engineering

May 27

Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973)

binary desktop reverse engineering

Feb 4

Back to the (Clip)board with Microsoft Whiteboard and Excalidraw in Meta (CVE-2023-26140)

web code review desktop

2023

Oct 31

Hacking HP Display Monitors via Monitor Control Command Set (CVE-2023-5449)

binary desktop reverse engineering hardware

2022

Aug 18

You Have One New Appwntment: Exploiting iCalendar Properties in Enterprise Applications

desktop red team web ios android

Jun 18

Embedding Payloads and Bypassing Controls in Microsoft InfoPath

desktop red team

2021

Nov 26

The InfoSecurity Challenge 2021 Full Writeup: Battle Royale for $30k

desktop binary reverse engineering dev code review web android api red team

Oct 22

All Your (d)Base Are Belong To Us, Part 2: Code Execution in Microsoft Office (CVE-2021-38646)

desktop binary reverse engineering fuzzing

Sep 29

All Your (d)Base Are Belong To Us, Part 1: Code Execution in Apache OpenOffice (CVE-2021-33035)

desktop binary reverse engineering fuzzing code review

Feb 2

Applying Offensive Reverse Engineering to Facebook Gameroom

desktop reverse engineering

2020

Aug 14

Open Sesame: Escalating Open Redirect to RCE with Electron Code Review

desktop code review reverse engineering