0xb0rn3@blog:~$ ls -la research/
CVE-2025-55182 — critical unauthenticated RCE in React Server Components. Prototype pollution meets unsafe server-side deserialization in the Flight protocol, with ~436K exposed Next.js instances.
Read MoreRemote code execution via the SolrSearch macro — a single HTTP GET request achieves full system compromise through Groovy template injection. No credentials required.
Read MoreExploiting CVE-2023-43208 — critical authentication bypass in NextGen Healthcare's Mirth Connect integration engine. From version detection to reverse shell on 272K+ exposed instances.
Read More
Deep dive into Xpl0it — a PoC exploiting sudo's trust model when handling
dynamic library loading in chroot environments. How sudo -R
+ a crafted nsswitch.conf delivers a root shell.
Getting a shell is just a foothold. SUID abuse, kernel exploits (DirtyCow, PwnKit), and sudo misconfigurations that turn a low-priv user into root.
Read MoreLateral movement through compromised networks — Living off the Land, SSH tunneling (local + remote port forwarding), SOCKS proxying, and persistence with autossh.
Read MoreMapping the control plane during post-exploitation — understanding iptables, nftables, firewalld, and UFW. Automating Linux firewall detection with a custom script.
Read MoreWhat happened when exploits went from currency to content? The information trading economy that defined hacker culture collapsed — we gained access but lost something essential.
Read MoreFound a production GraphQL endpoint with introspection enabled, revealing the complete API schema. How reconnaissance through introspection leads to data disclosure and exploitation vectors.
Read MoreDiscovering exposed Jenkins servers with unauthenticated script console access. Command execution, AWS metadata extraction, and establishing persistence through Groovy.
Read MoreIdentifying and exploiting CORS misconfigurations for unauthorized data access. Building proof-of-concept exploits and understanding the security implications.
Read MoreExploiting accessible PURGE HTTP methods without authentication. Clearing website cache to cause performance degradation and denial of service conditions.
Read More