ActiveMQ-EXPtools is a security utility that detects and exploits multiple Apache ActiveMQ CVEs, provides Perl reverse‑shell payloads for CVE‑2015‑5254, notes authentication requirements for CVE‑2022‑41678, and offers download links and references for further analysis.
Google released an emergency update on April 1 2026 fixing a critical Use‑After‑Free vulnerability (CVE‑2026‑5281) in Chrome’s WebGPU Dawn component, which is already exploited in the wild; the article details the flaw’s mechanics, attack flow, affected versions, exploitation challenges, and mitigation recommendations.
An in‑depth analysis of Linux Memory Protection Keys (pkeys), their x86_64 and arm64 implementations, related syscalls, and a step‑by‑step exploit that randomises PKRU permissions and then uses WRPKRU to bypass the restrictions and capture the flag in a CTF PWN challenge.
The latest Metasploit release introduces seven exploit modules—including three chained attacks against FreePBX and critical remote code execution exploits for Cacti and SmarterMail—while also adding persistence tools and fixing several bugs that affect testing accuracy.
This article explains Python object injection, covering class basics, the pickle module's role in serialization, how untrusted data can lead to code execution, detection methods, and step‑by‑step creation of a malicious payload to demonstrate a real exploit.
This article provides a detailed glossary of common hacking terms and techniques—from black‑hat attackers and backdoors to APTs, exploits, and dark‑web concepts—explaining each threat, its purpose, and how it impacts information security.
This article analyzes a vulnerability in Android's FileSharingActivity that allows malicious apps to manipulate file-sharing intents, craft dangerous URIs and filenames, and ultimately overwrite sensitive data or execute arbitrary code, while also offering concrete mitigation strategies.
The article dissects three Android flaws—a misconfigured FileProvider, the privileged startAnyWhere capability, and asymmetric Parcel serialization—showing how their interaction lets an attacker hide a malicious Intent, bypass export checks, read private data, alter system settings, and gain elevated privileges, while outlining mitigation strategies.
This article provides a comprehensive glossary of 27 common hacking terms—from black‑hat and backdoor to zero‑day exploits and dark‑web concepts—explaining each technique, malware type, and security threat in clear, concise English for anyone interested in cybersecurity fundamentals.
This article explains the fundamentals of Android Binder services, categorizes Origin, AIDL, HIDL, and Vendor types, describes methods for locating services, and details common vulnerability patterns such as uninitialized memory, out-of-bounds reads/writes, and type confusion, illustrated with real CVE cases and mitigation insights.
This article analyzes a ThinkPHP 6.0 deserialization exploit chain that leverages LeagueFlysystem's cached storage classes, detailing the sequence from __destruct to write, showing how controllable parameters enable arbitrary file writes and providing a proof‑of‑concept demonstration.
This article examines how inconsistencies between Parcelable serialization and deserialization in Android's Binder/Parcel mechanism can cause data misalignment, enabling attackers to craft malicious Bundles that bypass checks, and outlines various exploitation scenarios and mitigation strategies introduced in recent Android releases.
DirtyPipe (CVE‑2022‑0847) is a high‑severity Linux kernel flaw that lets attackers arbitrarily overwrite any readable file via an uninitialized pipe‑buffer flag, enabling privilege escalation on Android and other systems by patching shared libraries, bypassing SELinux, loading malicious modules, and ultimately gaining root, highlighting urgent need for patches and integrity protections.
This article details the discovery, official announcement, prerequisite conditions, and step‑by‑step reproduction of the critical Spring Framework remote code execution vulnerability (CVE‑2022‑22965), including exploit payloads, JSP backdoor creation, and practical mitigation insights.
This article explains Java's reflection mechanism, details how deserialization flaws in libraries like Apache Commons Collections and Fastjson allow attackers to craft malicious objects that trigger arbitrary command execution, and provides practical proof‑of‑concept steps and mitigation recommendations.
The article explains how JNDI works as a configuration and naming service in Java, shows its use with database drivers, and demonstrates how its SPI mechanism can be abused to load remote code, leading to serious security exploits such as the Log4j vulnerability.
This article introduces Apache Log4j2, explains the remote code execution vulnerability caused by unsafe JNDI lookups, provides step‑by‑step environment setup, PoC code, exploitation instructions, and outlines official patches and temporary mitigation measures for developers and security engineers.
This article explains the Log4j2 remote code execution vulnerability, its affected versions, how to set up a test environment, detailed exploit code examples, and recommended mitigation measures including upgrades and JVM configuration changes.
This article explains the fundamentals of Java Naming and Directory Interface (JNDI), its architecture and typical usage, then walks through a step‑by‑step RMI implementation and demonstrates how JNDI can be abused to craft a Log4j2 remote code execution attack, complete with full code samples and mitigation advice.
This article presents a comprehensive GitHub collection of Spring Boot vulnerabilities, explains how to identify information‑leakage and remote‑code‑execution flaws via exposed Swagger and Actuator endpoints, and provides step‑by‑step verification commands for security testing.
This article introduces a GitHub repository that documents 16 Spring Boot vulnerabilities, detailing information leakage and remote code execution cases, providing step‑by‑step exploitation guides, underlying principles, and analysis for security research and authorized testing.
This article explains what insecure deserialization is, why it leads to high‑severity attacks, demonstrates typical PHP, Ruby, and Java examples, and provides practical techniques for identifying, exploiting, and mitigating unsafe deserialization vulnerabilities.
The article analyzes a bypass flaw in Nacos 1.4.1 where the serverIdentity key‑value authentication can be evaded by crafting URLs with a trailing slash, allowing attackers to list, create, and log in as users despite the intended security checks.
This article explains a critical Ubuntu flaw that lets a standard user create a new sudo account and gain root privileges without a system password, details the step‑by‑step exploitation process, and outlines the official patches released to fix the issue.
This article explains the concept of Address Space Layout Randomization (ASLR), illustrates how buffer overflow attacks work on Linux, shows step‑by‑step exploitation with disabled ASLR, analyzes memory layout calculations, and discusses the impact of PIE and modern mitigation techniques.
This article explains the mechanics of Java deserialization vulnerabilities, demonstrates how malicious payloads can trigger Runtime.exec via Commons‑Collections transformers and AnnotationInvocationHandler, showcases full exploit code, discusses Dubbo‑specific issues, and provides practical mitigation strategies.
This article expands on the author's BlueHat Shanghai 2019 presentation, summarizing Office‑related 0‑day and 1‑day vulnerabilities discovered between 2010 and 2018, categorizing them by component and type, and providing extensive references, analysis notes, and exploitation guidance for security researchers.
This article examines how a specially crafted PriorityQueue object, generated via the ysoserial tool, can be serialized and later trigger malicious code execution during Java deserialization, detailing the construction of the gadget, the transformation chain, and the underlying JVM mechanisms that enable the exploit.
This guide walks through creating a one‑line PHP backdoor, gaining interactive shells, escalating Linux privileges via kernel exploits and misconfigurations, compiling and using network sniffers, and harvesting credentials, all illustrated with concrete command‑line examples and code snippets.
This guide walks through creating a PHP backdoor, leveraging Python pty for interactive shells, compiling and using arpsniffer and linsniffer, performing network sniffing with tcpdump, applying various Linux privilege‑escalation exploits, and establishing persistent root access on vulnerable systems.
The article explains the Meltdown vulnerability affecting Intel CPUs, detailing how malicious unprivileged code can exploit out‑of‑order execution and a Flush+Reload side‑channel to read kernel memory, describing the attack path, secret channel construction, page‑fault handling, probe array setup, and code examples.
This guide shows how to plant a PHP backdoor, obtain an interactive shell, enumerate system information, compile and use network sniffers, modify source to capture credentials, and exploit Linux kernel and configuration weaknesses to achieve root access.
The article examines Spring Data REST’s CVE‑2017‑8046 remote‑code‑execution flaw, showing how a malicious JSON Patch path is turned into an unchecked SpEL expression that can run arbitrary commands, reproduces the exploit on a sample Spring Boot app, and advises upgrading to versions that include the path‑verification fix.
The article explains how insecure serialization in message‑queue middleware, especially Python's pickle used by Celery, can be abused to inject malicious payloads that trigger remote code execution on distributed workers, and it demonstrates detection and exploitation techniques against vulnerable Redis and MongoDB brokers.
This article explains Linux process address space layout and stack‑frame structure, demonstrates a classic buffer‑overflow attack with full source code and compilation steps, analyzes how the exploit gains root privileges, and discusses why modern compilers and shells affect the attack's success.
This article explains the unauthenticated SQL injection flaw in Zabbix's JSRPC profileIdx2 parameter, details its high impact on versions 2.2.x and 3.0.0‑3.0.3, provides a step‑by‑step proof‑of‑concept exploit, and recommends upgrading to version 3.0.4 to remediate the issue.
The article explains that Redis’s default public binding and lack of authentication allow attackers to read data, execute code, and write their SSH public key into /root/.ssh/authorized_keys, providing a complete guide to exploitation, statistical impact, PoC code, and practical mitigation measures.
This article analyzes a Node.js buffer‑overflow vulnerability triggered by oversized UTF‑8 decoding, explains the underlying V8 call stack and key functions, demonstrates an exploit using crafted POST requests, and outlines the official security fix that adds proper bounds checking.
