Spaceraccoon's Blog

InfoSec and White Hat Hacking

2022

Sep 19

Challendar: Creating a Challenge for The Infosecurity Challenge 2022

dev web code review

Aug 29

Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrl

cloud web code review

Aug 18

You Have One New Appwntment: Exploiting iCalendar Properties in Enterprise Applications

desktop red team web ios android

Feb 3

Solving DOM XSS Puzzles

web code review

2021

Nov 26

The InfoSecurity Challenge 2021 Full Writeup: Battle Royale for $30k

desktop binary reverse engineering dev code review web android api red team

2020

Dec 23

Supply Chain Pollution: Hunting a 16 Million Download/Week npm Package Vulnerability for a CTF Challenge

web code review

May 15

Closing the Loop: Practical Attacks and Defences for GraphQL APIs

Apr 5

Same Same But Different: Discovering SQL Injections Incrementally with Isomorphic SQL Statements

Feb 18

A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell

Jan 12

Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2