Chaining Directory Traversal & CSV Parser Abuse for RCE in Django
An unsanitized username flows into an export file path, giving directory traversal; combined with pandas' to_csv() writing attacker-controlled cell contents to that path, the attacker overwrites wsgi.py and gains RCE.
https://jineeshak.github.io/posts/Chaining-Directory-Traversal-and-CSV-Parser-Abuse-for-RCE-in-Django/
#django
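The traversal half of that chain in runnable form, as an added example that is not the post's or the vulnerable app's code: a function that uses the username verbatim as the export file name next to a confined version that allowlists the name, fixes the extension and proves the resolved path stays a direct child of the export directory. The directory layout (`/srv/app/exports`, wsgi.py one level up) is a hypothetical assumption; the CSV-writer half of the chain is not reproduced.

```python
"""Export-path construction: a traversable version beside a confined one.
Added illustration of the bug class; the paths below are assumptions."""
import os
import re
from pathlib import Path

# Assumed layout: per-user CSV exports live here and the application's
# wsgi.py sits one directory up (hypothetical, for illustration only).
EXPORT_ROOT = Path("/srv/app/exports")

# Allowlist for export names: letters, digits, underscore, hyphen.  No dots
# and no separators, so "..", "/" and "\\" cannot appear at all.
SAFE_USERNAME = re.compile(r"[A-Za-z0-9_-]{1,64}")


def export_path_vulnerable(username: str) -> str:
    """Unsanitized: the username is used verbatim as the export file name.

    Two classic os.path.join failures are visible here:
      * "../" components walk out of EXPORT_ROOT;
      * an absolute second argument discards EXPORT_ROOT entirely.
    """
    return os.path.normpath(os.path.join(str(EXPORT_ROOT), username))


def export_path_safe(username: str, root: Path = EXPORT_ROOT) -> Path:
    """Confined: allowlist the name, force the extension, then check that the
    resolved path is a direct child of the export root."""
    if not SAFE_USERNAME.fullmatch(username):
        raise ValueError(f"rejected export name {username!r}")
    root = root.resolve()
    candidate = (root / f"{username}.csv").resolve()
    # Defense in depth: even if the allowlist were loosened later, anything
    # that resolves outside the root is refused.
    if candidate.parent != root:
        raise ValueError(f"{candidate} escapes {root}")
    return candidate


def is_rejected(username: str) -> bool:
    """True if the confined builder refuses this name."""
    try:
        export_path_safe(username)
    except ValueError:
        return True
    return False


def traversal_cases() -> dict:
    """Where a few attacker-chosen names land with the vulnerable builder."""
    return {name: export_path_vulnerable(name)
            for name in ("alice", "../wsgi.py", "/etc/passwd")}


if __name__ == "__main__":
    for name, where in traversal_cases().items():
        print(f"{name!r:16} -> {where}")
    print("confined:", export_path_safe("alice"))
    for bad in ("../wsgi.py", "/etc/passwd", "alice/../wsgi.py"):
        print(f"{bad!r:20} rejected={is_rejected(bad)}")
```

The second check matters even with the allowlist in place: it is the one that still holds after someone "relaxes" the regex to allow dots, and it also catches the absolute-path case that `os.path.join` silently honours.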
Solo: A Pixel 6 Pro Story
A researcher turns a Mali GPU integer overflow (CVE-2023-48409) into a full root of the Pixel 6 Pro, adding memory spraying and SELinux bypasses on top of that single bug.
https://starlabs.sg/blog/2025/06-solo-a-pixel-6-pro-story-when-one-bug-is-all-you-need/
#Android
TapTrap: Invisible Animation‑Driven Tapjacking on Android
A malicious app with zero permissions abuses Android's activity-transition animations to keep a real system prompt (camera, location, device admin) almost fully transparent while the user taps through the attacker's UI, so the taps land on the hidden prompt.
https://taptrap.click/
#Tapjacking #AndroidAttack
GPUHammer: Rowhammer Attack on NVIDIA GDDR6 GPUs
GPUHammer is the first practical Rowhammer attack on GDDR6 VRAM (e.g., RTX A6000): bit flips triggered from CUDA silently corrupt AI model weights, dropping accuracy from ~80% to under 1%.
https://gpuhammer.com/
#Rowhammer #GPUAttacks
DreamWalkers: Reflective Shellcode Loader with Clean Call Stacks
A loader that achieves believable call stacks in reflectively loaded modules by parsing PE and registering unwind data via RtlAddFunctionTable.
https://maxdcb.github.io/DreamWalkers/
#ShellcodeLoader #CallStackSpoofing
Windows Kernel Pool Internals
Explains kernel pool allocation, PoolTags, segment heap (kLFH, VS, Large), and building a no‑admin tool to enumerate tags.
https://r0keb.github.io/posts/Windows-Kernel-Pool-Internals/
#Kernel #Heap #windows
Exploiting WRMSR in Vulnerable Drivers
Detailed guide on abusing an unchecked WRMSR IOCTL in a vulnerable driver to overwrite the LSTAR MSR (the syscall entry point), build a ROP chain that bypasses SMEP, SMAP and KPTI, and gain kernel code execution.
https://idafchev.github.io/blog/wrmsr/
#Kernel #windows
Hexagon Fuzz: Full-System Emulated Fuzzing of Qualcomm Basebands
SRLabs released the first open-source emulator-based fuzzing toolchain for Qualcomm Hexagon baseband firmware.
https://www.srlabs.de/blog-post/hexagon-fuzz-full-system-emulated-fuzzing-of-qualcomm-basebands
#Baseband #Fuzzing
Rediscovered an 11‑Year‑Old libpng Vulnerability
A beginner in secure code review rediscovered CVE-2014-9495 by fuzzing, hitting the width * bit-depth integer overflow eleven years after it was patched.
https://blog.himanshuanand.com/posts/discovered-a-libpng-vulnerability-11-years-after-it-was-patched/
#libpng #IntegerOverflow
Resurrecting a Dead Torrent Tracker and Finding 3M Peers
Re-registered an expired .si tracker domain, ran Opentracker on a VPS, and within one hour was tracking ~1.7M torrents with 3.1M unique peers.
https://kianbradley.com/2025/06/15/resurrecting-a-dead-tracker.html
#TorrentTracker
Reliable System Call Interception
Uses seccomp user notification (SECCOMP_RET_USER_NOTIF) with a BPF filter for low-overhead syscall interception in place of slow ptrace, demonstrated with the author's "copycat" tool for per-syscall file-path redirection.
https://blog.mggross.com/intercepting-syscalls/
#Seccomp #SyscallInterceptor
VNC Honeypot Setup by James Woolley
Details setting up a VNC honeypot on Ubuntu that logs sessions, records attacker interactions, and captures payloads for monitoring.
https://ja.meswoolley.co.uk/vnc-honeypot/
#VNC #Honeypot
The Hidden JTAG in Your Qualcomm/Snapdragon Device’s USB Port
Snapdragon SoCs since ~2018 ship an Embedded USB Debug (EUD) block that exposes SWD/JTAG over the USB port, enabling kernel and U-Boot debugging without external debug hardware.
https://www.linaro.org/blog/hidden-jtag-qualcomm-snapdragon-usb/
#Snapdragon
Implementing Fast TCP Fingerprinting with eBPF
A Go webserver uses eBPF (an XDP program plus a kernel hash map) to capture the TCP options of incoming SYNs in the kernel and fingerprint clients efficiently.
https://halb.it/posts/ebpf-fingerprinting-1/
#eBPF #TCPFingerprinting
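The user-space half of that pipeline, as an added example that is not the post's code: once the XDP program has handed up the raw SYN header, something has to walk the TCP option TLVs and turn window size, MSS, window scale and option order into a p0f-style signature. The two option layouts labelled "linux-like" and "windows-like" are constructed for the demo and are assumptions, not measurements.

```python
"""Fingerprint a TCP client from the options in its SYN.  Added illustration;
the OS-to-layout pairs below are assumptions used only as sample input."""
import struct
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

TCP_FLAG_SYN, TCP_FLAG_ACK = 0x02, 0x10
OPT_EOL, OPT_NOP, OPT_MSS, OPT_WSCALE, OPT_SACK_OK, OPT_TIMESTAMP = 0, 1, 2, 3, 4, 8
OPT_NAMES = {OPT_NOP: "nop", OPT_MSS: "mss", OPT_WSCALE: "ws",
             OPT_SACK_OK: "sok", OPT_TIMESTAMP: "ts"}


@dataclass
class SynFingerprint:
    window: int
    mss: Optional[int] = None
    wscale: Optional[int] = None
    sack_ok: bool = False
    timestamps: bool = False
    option_order: List[str] = field(default_factory=list)

    def signature(self) -> str:
        """p0f-style summary: window:mss:wscale:option-order."""
        mss = "*" if self.mss is None else str(self.mss)
        ws = "*" if self.wscale is None else str(self.wscale)
        return f"{self.window}:{mss}:{ws}:{','.join(self.option_order)}"


def parse_tcp_options(raw: bytes) -> List[Tuple[int, bytes]]:
    """Walk the TLV option list; a bad length raises instead of looping."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:            # single-byte option, no length field
            opts.append((kind, b""))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option kind without length byte")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError(f"bad option length {length} for kind {kind}")
        opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts


def options_malformed(raw: bytes) -> bool:
    try:
        parse_tcp_options(raw)
    except ValueError:
        return True
    return False


def fingerprint_syn(tcp: bytes) -> Optional[SynFingerprint]:
    """Fingerprint a client SYN (SYN set, ACK clear); other segments give None."""
    if len(tcp) < 20:
        raise ValueError("short TCP header")
    data_offset = (tcp[12] >> 4) * 4
    flags = tcp[13]
    if not (flags & TCP_FLAG_SYN) or (flags & TCP_FLAG_ACK):
        return None
    if data_offset < 20 or data_offset > len(tcp):
        raise ValueError("data offset points outside the segment")
    fp = SynFingerprint(window=struct.unpack("!H", tcp[14:16])[0])
    for kind, value in parse_tcp_options(tcp[20:data_offset]):
        fp.option_order.append(OPT_NAMES.get(kind, f"opt{kind}"))
        if kind == OPT_MSS and len(value) == 2:
            fp.mss = struct.unpack("!H", value)[0]
        elif kind == OPT_WSCALE and len(value) == 1:
            fp.wscale = value[0]
        elif kind == OPT_SACK_OK:
            fp.sack_ok = True
        elif kind == OPT_TIMESTAMP and len(value) == 8:
            fp.timestamps = True
    return fp


def build_syn(window: int, options: bytes, sport: int = 40000, dport: int = 443) -> bytes:
    """Constructed SYN header (no IP header, zero checksum) for the demo."""
    options += b"\x00" * ((-len(options)) % 4)      # pad to a 32-bit boundary
    data_offset = 5 + len(options) // 4
    fixed = struct.pack("!HHIIBBHHH", sport, dport, 1, 0,
                        data_offset << 4, TCP_FLAG_SYN, window, 0, 0)
    return fixed + options


# Constructed option layouts (assumption, not measured captures).
LINUX_LIKE_OPTS = (struct.pack("!BBH", OPT_MSS, 4, 1460)
                   + bytes([OPT_SACK_OK, 2])
                   + struct.pack("!BBII", OPT_TIMESTAMP, 10, 123456, 0)
                   + bytes([OPT_NOP])
                   + bytes([OPT_WSCALE, 3, 7]))
WINDOWS_LIKE_OPTS = (struct.pack("!BBH", OPT_MSS, 4, 1460)
                     + bytes([OPT_NOP])
                     + bytes([OPT_WSCALE, 3, 8])
                     + bytes([OPT_NOP, OPT_NOP])
                     + bytes([OPT_SACK_OK, 2]))

if __name__ == "__main__":
    for label, win, opts in (("linux-like", 64240, LINUX_LIKE_OPTS),
                             ("windows-like", 65535, WINDOWS_LIKE_OPTS)):
        print(label, fingerprint_syn(build_syn(win, opts)).signature())
```

The option order is the most stable part of the signature; window size and MSS vary with the path and the interface MTU, which is why p0f-style tools treat them as hints rather than exact keys. The parser refuses length fields that run past the segment rather than clamping them, since a kernel-side XDP copy can truncate options at the snaplen.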
How I Scanned all of GitHub’s “Oops Commits” for Leaked Secrets
Using GH Archive and the GitHub Events API, the guest author's tool finds force-push events since 2020 that carry zero commits (the signature of a rewritten history), then scans the commits those pushes orphaned for leaked secrets.
https://trufflesecurity.com/blog/guest-post-how-i-scanned-all-of-github-s-oops-commits-for-leaked-secrets
#git
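The selection and grep steps of that approach, as an added example that is not the post's scanner: filter GH Archive PushEvents down to zero-commit pushes whose `before` and `head` differ, emit the orphaned tip SHA, and run a handful of credential patterns over a commit's patch text. The sample events and the patch body are constructed; fetching the orphaned commit from the hosting platform is left out.

```python
"""Zero-commit force pushes from GH Archive PushEvents and a secret grep over
the commits they orphaned.  Added illustration; the sample data is constructed."""
import json
import re
from typing import Iterable, Iterator, List, Tuple


def is_oops_push(event: dict) -> bool:
    """A PushEvent with size 0 whose `before` and `head` differ is a history
    rewrite: the old tip was replaced without any new commits on top of it."""
    if event.get("type") != "PushEvent":
        return False
    payload = event.get("payload") or {}
    return (payload.get("size") == 0
            and payload.get("before") is not None
            and payload.get("before") != payload.get("head"))


def orphaned_tips(lines: Iterable[str]) -> Iterator[Tuple[str, str]]:
    """Yield (repo, orphaned-commit-sha) from newline-delimited GH Archive JSON."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if is_oops_push(event):
            yield event["repo"]["name"], event["payload"]["before"]


# A few well-known credential shapes.  Assumption: a real scanner carries a far
# larger ruleset and verifies hits against the issuing service.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}


def find_secrets(text: str) -> List[Tuple[str, str]]:
    """Return (rule, match) pairs found in a commit patch or file body."""
    hits: List[Tuple[str, str]] = []
    for rule, pattern in SECRET_PATTERNS.items():
        hits.extend((rule, m.group(0)) for m in pattern.finditer(text))
    return hits


# Constructed GH Archive lines: one rewrite, one ordinary push, one no-op push.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"type": "PushEvent", "repo": {"name": "example/app"},
     "payload": {"size": 0, "distinct_size": 0, "ref": "refs/heads/main",
                 "before": "1" * 40, "head": "2" * 40, "commits": []}},
    {"type": "PushEvent", "repo": {"name": "example/app"},
     "payload": {"size": 1, "distinct_size": 1, "ref": "refs/heads/main",
                 "before": "2" * 40, "head": "3" * 40,
                 "commits": [{"sha": "3" * 40}]}},
    {"type": "PushEvent", "repo": {"name": "example/other"},
     "payload": {"size": 0, "distinct_size": 0, "ref": "refs/heads/main",
                 "before": "4" * 40, "head": "4" * 40, "commits": []}},
])

# Constructed patch text standing in for the orphaned commit's diff.  The key
# values are the documentation placeholders, not live credentials.
SAMPLE_PATCH = """\
diff --git a/config.py b/config.py
-AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
-GITHUB_TOKEN = "ghp_0123456789abcdefghijABCDEFGHIJ012345"
+AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]
"""

if __name__ == "__main__":
    for repo, sha in orphaned_tips(SAMPLE_EVENTS.splitlines()):
        print(f"{repo}: orphaned tip {sha}")
        for rule, match in find_secrets(SAMPLE_PATCH):
            print(f"  {rule}: {match}")
```

The orphaned SHA stays fetchable by hash even though no branch points at it any more, which is the whole reason the "oops commit" is still a leak after the force push.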
Alice’s Adventures in a Differentiable Wonderland
A friendly primer on differentiable programming and neural nets—covering autodiff, CNNs, RNNs, transformers in PyTorch & JAX.
https://arxiv.org/abs/2404.17625
#NeuralNetwork
Essential C – Stanford CS Education Library
Concise 45‑page guide covering C fundamentals: types, control flow, arrays, pointers, memory, struct, functions, and compilation.
http://cslibrary.stanford.edu/101/
#c #programming
TPU Deep Dive
Google’s TPUs use large systolic arrays, scratchpad memory, XLA AoT compilation, and 3D-torus interconnects to deliver exascale AI compute with efficiency.
https://henryhmko.github.io/posts/tpu/tpu.html
#tpu #firmware
Root Shell on Yomani Credit‑Card Terminal
Reverse engineered a Worldline Yomani XR payment terminal: an exposed serial console drops into a root shell, and the hardware debug port gets around the tamper protections.
https://stefan-gloor.ch/yomani-hack
#terminal
FileFix – A ClickFix Alternative
A phishing page opens File Explorer through a file-upload control and tells the victim to paste a "document path" into the address bar; the clipboard actually holds a PowerShell command with a fake path appended as disguise, so pasting it into the address bar executes the command.
https://mrd0x.com/filefix-clickfix-alternative/
#Phishing
Primitive Injection – Breaking the Status Quo
Decomposes process injection into separately chosen allocate, write and read primitives, so injection flows can be recomposed freely and the resulting process IOCs no longer match the well-known API chains that telemetry keys on.
https://trickster0.github.io/posts/Primitive-Injection/
#injection #evasion
PicoEMP – Low-Cost DIY EMFI Tool
PicoEMP is a budget Electromagnetic Fault Injection (EMFI) device using Raspberry Pi Pico, ideal for hobbyist security research.
https://github.com/newaetech/chipshouter-picoemp
#HardwareHacking
Intercepting Traffic on Android with Mainline and Conscrypt
NVISO explains how Conscrypt updates delivered through Mainline broke HTTPS interception on Android and how their AlwaysTrustUserCerts Magisk module now supports Android 7 through 16.
https://blog.nviso.eu/2025/06/05/intercepting-traffic-on-android-with-mainline-and-conscrypt/
#android
Fault Injection – Follow the White Rabbit
Demonstrates EMFI and voltage glitching on an ESP32 V3: a fault during the flash CRC32 check lets a modified image pass, and chaining it with a second glitch bypasses Secure Boot.
https://security.humanativaspa.it/fault-injection-follow-the-white-rabbit/
#EMFI #SecureBootBypass
Make Self‑XSS Great Again
Escalates a stored self-XSS into an attack on other users by combining credentialless iframes with CSRF, so the payload executes in the victim's browser and hijacks their session.
https://blog.slonser.info/posts/make-self-xss-great-again/
#web #xss
Funky Chunks: Abusing Chunk Line Terminators for Request Smuggling
Investigates servers and proxies that accept non-standard chunk-line terminators (such as a bare LF where RFC 9112 requires CRLF) in chunked bodies, so two hops disagree on where a chunk ends and a request can be smuggled past the front end.
https://w4ke.info/2025/06/18/funky-chunks.html
#RequestSmuggling #HTTPParsing
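The terminator ambiguity in runnable form, as an added example that is not the post's own code: a strict decoder (CRLF only) and a lenient one (bare LF also ends a chunk-size line) are run over the same constructed chunked body. Both decode without error, but the lenient side finishes early and hands the remaining bytes to the next request on the connection, while the strict side swallows those same bytes as chunk data. The request line used as the smuggled payload is constructed for the demo.

```python
"""Chunked transfer-coding parsed two ways: strict CRLF chunk-line terminators
versus a lenient parser that also accepts a bare LF.  Added illustration;
the bodies below are constructed."""


class ChunkParseError(ValueError):
    pass


def _read_line(body: bytes, pos: int, lenient: bool):
    """Return (line without terminator, position just after the terminator)."""
    if lenient:
        # Lenient: LF ends the line; a CR in front of it, if any, is dropped.
        nl = body.find(b"\n", pos)
        if nl < 0:
            raise ChunkParseError("missing line terminator")
        return body[pos:nl].rstrip(b"\r"), nl + 1
    # Strict (RFC 9112): only CRLF ends the line; a bare LF is ordinary bytes.
    nl = body.find(b"\r\n", pos)
    if nl < 0:
        raise ChunkParseError("missing CRLF line terminator")
    return body[pos:nl], nl + 2


def parse_chunked(body: bytes, lenient: bool):
    """Decode one chunked message body.

    Returns (decoded payload, leftover bytes after the last-chunk).  The
    leftover is what a server treats as the start of the *next* request.
    """
    pos = 0
    payload = bytearray()
    while True:
        line, pos = _read_line(body, pos, lenient)
        size_field = line.split(b";", 1)[0].strip()   # drop chunk extensions
        try:
            size = int(size_field, 16)
        except ValueError:
            raise ChunkParseError(f"bad chunk size {size_field!r}") from None
        if size == 0:
            # last-chunk: skip any trailer fields up to the empty line
            while True:
                line, pos = _read_line(body, pos, lenient)
                if line == b"":
                    return bytes(payload), body[pos:]
        data = body[pos:pos + size]
        if len(data) != size:
            raise ChunkParseError("truncated chunk data")
        payload += data
        pos += size
        line, pos = _read_line(body, pos, lenient)
        if line != b"":
            raise ChunkParseError("chunk data not followed by a line terminator")


def compare(body: bytes) -> dict:
    """Decode the same body with both parsers side by side."""
    return {"strict": parse_chunked(body, lenient=False),
            "lenient": parse_chunked(body, lenient=True)}


# Constructed inputs.  Both parsers agree on a well-formed body:
WELL_FORMED = b"5\r\nhello\r\n0\r\n\r\n"

# ... and diverge on this one.  Sizes are chosen so that the strict parser's
# 0x35-byte chunk is exactly LAST_CHUNK + CRLF CRLF + SMUGGLED.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: internal\r\n\r\n"   # 39 bytes
FILLER = b"x" * 0x35                                            # 53 bytes, no CR/LF
LAST_CHUNK = b"0;aaaaaaaa"          # zero-size chunk line padded with an extension
DESYNC_BODY = (
    b"35;\n"                        # size line ended by a bare LF
    + FILLER                        # lenient: chunk data.  strict: still the size line
    + b"\r\n"                       # lenient: end of chunk.  strict: end of size line
    + LAST_CHUNK + b"\r\n\r\n"      # lenient: last-chunk and empty trailer, body ends
    + SMUGGLED                      # lenient: next request.  strict: inside the chunk
    + b"\r\n0\r\n\r\n"              # strict: end of chunk data, then a real last-chunk
)

if __name__ == "__main__":
    for mode, (data, rest) in compare(DESYNC_BODY).items():
        print(f"{mode:8} payload={len(data)} bytes, leftover={rest[:20]!r}")
```

Which side is "wrong" does not matter for the attack; only the disagreement does. Here the lenient hop believes the body ended after 53 bytes and will parse `GET /admin ...` as a fresh request, while the strict hop saw one 53-byte chunk containing that request line and then a clean end of body.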
MCP Security Tips – 5 Risks & Safeguards
NCC Group highlights five MCP security risks (supply chain, vulnerabilities in local MCP servers, vulnerabilities in remote MCP servers, prompt injection, and excessive capabilities) and offers practical mitigations for each.
https://www.nccgroup.com/us/research-blog/5-mcp-security-tips/
#MCP #AI
Emulating a Bike Sensor with ESP32 BLE
Builds an ESP32-based BLE Cycling Speed & Cadence sensor using a single reed switch to emulate speed and cadence, leveraging the standard CSC BLE profile.
https://eybisi.run/Emulating-a-Bike-Sensor/
#BLE #HardwareHacking
PatchGuard Internals – Deep Kernel Protection Dive
Explains PatchGuard’s initialization phases, secure-hypervisor activation paths, and context setup, revealing potential bypass points.
https://r0keb.github.io/posts/PatchGuard-Internals/
#PatchGuard #WindowsKernel