Spaceraccoon's Blog

InfoSec and White Hat Hacking

2022

Aug 18

You Have One New Appwntment: Exploiting iCalendar Properties in Enterprise Applications

desktop red team web ios android

Feb 3

Solving DOM XSS Puzzles

web code review

2021

Nov 26

The InfoSecurity Challenge 2021 Full Writeup: Battle Royale for $30k

desktop binary reverse engineering dev code review web android api red team

2020

Dec 23

Supply Chain Pollution: Hunting a 16 Million Download/Week npm Package Vulnerability for a CTF Challenge

web code review

May 15

Closing the Loop: Practical Attacks and Defences for GraphQL APIs

Apr 5

Same Same But Different: Discovering SQL Injections Incrementally with Isomorphic SQL Statements

Feb 18

A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell

Jan 12

Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2