>Writings

I've recently steered my writing towards the academic realm, diving into papers and publications But for those of you who vibe with more laid-back reads, I'll be dropping thoughts and stories on Medium from now on.

I've got a treasure trove of old blog posts too, all about the art of crafting code and the thrill of cracking it. It's all archived for anyone who's curious about the paths I've wandered in the world of security. Just a heads-up: the tech world zips by pretty fast, so some of my past musings might be showing their age. You can catch up with my past exploits and creations right below. Who knows, you might find some gems in there!

bug

Breaking

A Samba's horror story, CVE-2021-44142 : Where I talked about a critical bug in samba used in pwn2own competition and how I reverse engineered and exploited it.
Exploiting magic links, critical bugs are one line away : Where I talked about how I found a critical authentication bypass on razor customer support portal.
ZombieVPN, Breaking That Internet Security : Where I talked about how I found a critical bug in a VPN provider and how i exploited it to gain CVE-2020-12828.
From 0 to 1337. brief security analysis of a large service provider : Where I talked about how I found a critical bugs I found during penetration testing of a large (country scale) service provider.
The Fall Of Mighty Django, Exploiting Unicode Case Transformations : Where I talked about how I found a critical bug (CVE-2019-19844) in django and reverse engineering and PoC reproduction of the bug.
Malware fight back the tale of agent tesla : Where I talked about reverse engineering a famous malware agent tesla and how to find and exploit a RCE on it's web panel.
Hunting for bounties antihack.me case study : Talked about an advanced XSS in SPF and DMARK (Mail authentication records) record and WAF bypass found on a bug bounty platform itself.
Hacking smart contract with paradigm 2022 CTF flavor : Where I talked about exploiting smart contracts with some challenges from Paradigm CTF 2022.
Breaking Breaking Into Information Security A Modern Guide : One of first posts I wrote about how to get into information security as offensive engineer.
building

Building

The Art of automation, creating your own Alfred : Where i talked about how i created my own alfred to automate my workflow from scraping to database storage , reporting and a silly GUI.
A step towards, real-world sherlock mind palace, introducing CrazyWall : Where I talked about how I created a real world sherlock mind palace to automate my OSINT workflow. highly underrated tool.
Python 3.7 Asyncio For Hackers : Where I talked about how to use asyncio to create a fast and efficient asynchronous web crawler.
Introducing CloudBrute, wild hunt on the clouds : Where I talked about how I created a tool to find misconfigured cloud buckets and how to use it.
Let's walk on the chains, creating a smart contract crawler : Where I talked about how I created a tool to crawl and extract smart contracts with blazing fast speed.
Introducing sec3hub.xyz, bloclchain security aggegator : Where I talked about how We created a blockchain security aggregator.
A Web3 Hackathon Lead Dev's Diary Our Journey Into Khazad-dûm : Where I talked about how we build full-stack dApp via other talented developers and participated in avax hackathon.
Threat intelligence, building your citadel : Where I talked about how I created a threat intelligence citadel to automate my threat intelligence workflow.
Made with
© 2023 0xSha