0xbro

Penetration tester, content creator & wannabe ethical hacker.

I have a YouTube channel where I demonstrate breakdowns of some CTFs or explore topics related to offensive cybersecurity.

I also have a blog where I post the same content as YouTube but in an "old-school" text format.

2023-11-16

I'm happy to share the attribution of my first #CVE!

Authenticated Static Code Injections in #OpenCart (CVE-2023-47444)

You can find the details and PoCs about the two vulnerabilities on my blog:
0xbro.red/disclosures/disclose

2023-05-03

Easy-peasy #android emulator setup without using Genymotion or Android Studio + installation of custom certificates inside the system #certificate store of an Android 10 device.

youtu.be/v-p1dTWmWDY

#mobilehacking #androidhacking #androidstudio #androidemulator

2023-04-17

Waffle-y Order is a medium-difficulty Web challenge from #HackTheBox, involving the exploitation of parser differential vulnerabilities to bypass a regex-based #WAF and chain a PHP arbitrary #deserialization with a blind #XXE to read arbitrary files and, finally, exfiltrate data.

Read the writeup here:
maoutis.github.io/writeups/Web

See the video here:
youtu.be/IESwry_l-UU

#hacking #wafbypass #applicationsecurity #writeup
