RCE using XSS in Electron applications

Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because nodeIntegration in webPreferences is true).

Notable is a markdown-based note-taking app that is developed using Electron framework. …

SEH based buffer overflow for GMON command in vulnserver.

In this post, we will be exploiting the GMON command of Vulnerver using SEH based buffer overflow. If you are not acquainted with SEH based buffer overflows you can refer to the Exploit Research Megaprimer on Security Tube or Corelan’s tutorials on buffer overflows. If you want to read about…

Bypassing application security checks & manipulating code at runtime.

Frida is a dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. What this means in simple language is that it can hook function calls made by an application and modify them at runtime. Using this we can easily bypass security…

“Every battle is won or lost before it’s ever fought.”

TL;DR useful resources at the end of the post.

The story begins in January, 2018 when I got a cyber security internship. At that time I was still in college and had no idea about cyber security (I did try…

Sourov Ghosh

I like computers and offensive security.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store