I'm a cybersecurity student specializing in red teaming and exploit development. I document my journey through HackTheBox, vulnerability research, and malware analysis, and I build my own security tools along the way.
Here's what I've been working on lately:
CVE: Pending
Vendor: D-Link
Model: DIR_825AC_G1A_EU
Version: 1.0.5
Status: End-of-life (EOL) device; report submitted without a response from the vendor
I discovered this vulnerability during normal use of my router. The web interface endpoint accepts a file path as a p...
A social engineering technique known as ClickFix has been gaining popularity recently. The attacker creates a fake authentication page mimicking CAPTCHA or Cloudflare protection, which prompts the user to run a command directly on their system—on Windows via the Win + R dialog, on macOS by openi...