Spaceraccoon's Blog

InfoSec and White Hat Hacking

2024

Jul 7

Universal Code Execution by Chaining Messages in Browser Extensions

web desktop reverse engineering

Feb 4

Back to the (Clip)board with Microsoft Whiteboard and Excalidraw in Meta (CVE-2023-26140)

web code review desktop

2022

Dec 17

I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS

web code review

Sep 19

Challendar: Creating a Challenge for The Infosecurity Challenge 2022

dev web code review

Aug 29

Exploiting Improper Validation of Amazon Simple Notification Service SigningCertUrl

cloud web code review

Aug 18

You Have One New Appwntment: Exploiting iCalendar Properties in Enterprise Applications

desktop red team web ios android

Feb 3

Solving DOM XSS Puzzles

web code review

2021

Nov 26

The InfoSecurity Challenge 2021 Full Writeup: Battle Royale for $30k

desktop binary reverse engineering dev code review web android api red team

2020

Dec 23

Supply Chain Pollution: Hunting a 16 Million Download/Week npm Package Vulnerability for a CTF Challenge

web code review

May 15

Closing the Loop: Practical Attacks and Defences for GraphQL APIs

web api

Apr 5

Same Same But Different: Discovering SQL Injections Incrementally with Isomorphic SQL Statements

web

Feb 18

A Tale of Two Formats: Exploiting Insecure XML and ZIP File Parsers to Create a Web Shell

web

Jan 12

Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2

web