blogs

// writings on security research, exploits, and tools

2026
2026-05-02 Chaining ISC DHCP Server Features for Unauthenticated Root Remote Code Execution code-analysis code-review dhcp exploit rce static-code-analysis
2025
2025-04-19 Watch Your AI! Using Replit AI to Mask Your C2 Traffic AI C2 Malware redirectors traffic 2025-01-05 PandoraFMS v7.0NG.777.3 Remote Command Execution (CVE-2024-11320) AppSec static code analysis
2023
2023-01-29 Froxlor v2.0.6 Remote Command Execution (CVE-2023-0315) appsec static code analysis bug code analysis exploit file write php poc shell
2022
2022-06-18 Oh my API, abusing TYK cloud API management to hide your malicious C2 traffic api C2 redirectors redteam traffic 2022-02-01 DNSStager v1.0 stable: Stealthier code, DLL agent & much more Red Team
2021
2021-05-23 Unveiling DNSStager: A tool to hide your payload in DNS cobalt strike DNS DNSStager Penetration Test pentest redteam shellcode 2021-01-24 Unveiling BugHound: a static code analysis tool based on ElasticSearch AppSec Static Code Analysis
2020
2020-10-04 Defeat Bitdefender Total Security Using Windows API Unhooking to Perform Process Injection Red Team 2020-08-28 Octopus v1.2 stable: shellcode generation, spoofed args agent & much more! adversary simulation C2 Octopus power redteam 2020-07-26 In-Memory shellcode decoding to evade AVs/EDRs Red Team beacon cobalt strike encoding process injection shellcode 2020-06-29 OCS Inventory NG v2.7 Remote Command Execution (CVE-2020-14947) code-analysis exploit php python rce 2020-05-28 Automate Octopus C2 RedTeam Infrastructure Deployment infrastructure octopus opsec python redirectors redteam 2020-04-27 Open-AudIT v3.3.1 Remote Command Execution (CVE-2020-12078) code analysis exploit Open-AudIT python rce 2020-03-29 Octopus v1.0 stable: Cobalt Strike deployment & much more! adversary C2 dotnet Octopus powershell redteam simulation 2020-02-21 Cacti v1.2.8 Authenticated Remote Code Execution (CVE-2020-8813) Cacti exploit php python rce static code analysis 2020-01-04 PandoraFMS v7.0NG authenticated Remote Code Execution (CVE-2019-20224) code analysis exploit pandora php rce
2019
2019-12-10 Unveiling Octopus: The pre-operation C2 for Red Teamers C2 kaspersky Octopus powershell redteam windows 2019-10-25 rConfig v3.9.2 authenticated and unauthenticated RCE (CVE-2019-16663) and (CVE-2019-16662) code analysis exploit php python rconfig static code analysis 2019-08-14 FusionPBX v4.4.8 authenticated Remote Code Execution (CVE-2019-15029) code analysis FusionPBX metasploit php python 2019-06-30 Centreon v19.04 Remote Code Execution (CVE-2019-13024) code analysis command execution exploit php python 2019-01-06 LibreNMS v1.46 Remote Code Execution (CVE-2018-20434) CVE-2018-20434 LibreNMS Remote Code Execution PHP Static Code Analysis