Avatar ☕

xanhacks' infosec blog

xanhacks infosec blog, enjoy reading 📖 !

  4. Created with Fabric.js 3.5.0
  1. Home
  2. About
  3. Search
    1. Dark Mode

Archives

2026 1
2025 1
2023 6
2022 5
2021 2

Categories

Web Malware Box Others

Tags

Web Ctf Code Analysis Flask Malware Nextjs Php Privesc Race Condition Reverse
Featured image of post Abusing FindFirstFile to do PHP Session Hijacking - THCon23 Demo App
Web

Abusing FindFirstFile to do PHP Session Hijacking - THCon23 Demo App

Abusing the FindFirstFile Windows API function to do PHP Session Hijacking via Path Traversal. Writeup of the Demo App challenge of the THCon23 CTF.

Apr 23, 2023
3 minute read
Featured image of post Server-Side Prototype Pollution on a WebSocket server - BreizhCTF Ariane Chat
Web

Server-Side Prototype Pollution on a WebSocket server - BreizhCTF Ariane Chat

Use a Server-Side Prototype Pollution to get an admin account on a Socket.IO chat server. Writeup of the Ariane Chat challenge of the BreizhCTF 2023.

Mar 21, 2023
10 minute read
Featured image of post Exfiltration of secrets using an XS-Leaks - HackTM Secrets
Web

Exfiltration of secrets using an XS-Leaks - HackTM Secrets

Exfiltrate the note from the bot using an XS-Leaks technique called 'Cross-Origin Redirects and CSP Violations'

Feb 19, 2023
5 minute read
Featured image of post Finding PHP Serialization Gadget Chain - DG'hAck Unserial killer
Web

Finding PHP Serialization Gadget Chain - DG'hAck Unserial killer

Write up of the challenge 'Unserial killer' of the DG'hAck 2022 which involves finding a PHP serialization gadget chain inside PHP libraries.

Aug 11, 2022
12 minute read
Featured image of post MoqHao Android malware analysis and phishing campaign
Malware

MoqHao Android malware analysis and phishing campaign

Technical analysis of the MoqHao (a.k.a RoamingMantis) Android malware and phishing campaign

Aug 11, 2022
19 minute read
1 2 3
© 2020 - 2026 xanhacks' infosec blog
Built with Hugo
Theme Stack designed by Jimmy