RCE using XSS in Electron applications

Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true).

Notable is a Markdown-based note-taking app that is developed using the Electron framework. …


Credits: PortSwigger

Serialization vs Deserialization

Serialization is the process of converting objects to a sequential stream of bytes so that they can be easily stored in a database or transmitted over a network. Deserialization is the exact opposite of serialization. …


Exploiting it service manually

I was writing my Windows privilege escalation guide when I came across a potential DLL hijacking vulnerability reported by PowerUp. After searching on the internet I found that it's due to a vulnerability in the IKEEXT service. I placed the missing DLL wlbctrl.dll in C:\Temp and tried restarting the service IKEEXT…


All roads lead to SYSTEM

Privilege escalation may be daunting at first, but it becomes easier once you know what to look for and what to ignore. Privilege escalation always comes down to proper enumeration. This guide will mostly focus on the common privilege escalation techniques and how to exploit them.

The starting point for this tutorial…


SEH-based buffer overflow for GMON command in vulnserver.

In this post, we will be exploiting the GMON command of Vulnserver using an SEH-based buffer overflow. If you are not acquainted with SEH-based buffer overflows, you can refer to the Exploit Research Megaprimer on SecurityTube or Corelan's tutorials on buffer overflows. If you want to read about…


Bypassing application security checks & manipulating code at runtime.

Frida is a dynamic instrumentation toolkit for developers, reverse engineers, and security researchers. What this means in simple language is that it can hook function calls made by an application and modify them at runtime. Using this we can easily bypass security…


Overview

Stack-based buffer overflow exploits are likely the shiniest and most common form of exploit for remotely taking over the code execution of a process. …


“Every battle is won or lost before it’s ever fought.”

TL;DR useful resources at the end of the post.

The story begins in January 2018 when I got a cyber security internship. At that time I was still in college and had no idea about cyber security (I did try…

Sourov Ghosh

I like computers and offensive security.
