rehackxyz

I just wrote a new blog on bypassing CA policies in Entra ID that have a resource exclusion, and why you probably want to enable baseline enforcement if you have such policies. Enjoy! dirkjanm.io/bypassing-cond…

github.com/cure53/DOMPuri… このバイパス、selected属性の削除じゃなくても再現できそう。こっちのが他の場面でも使えるかも： <select> <button> <selectedcontent></selectedcontent> </button> <noscript><option></option></noscript> <option><img src=x onerror=alert()></option> </select>

We've all been there: found an XSS, blocked by CSP. There's a bunch of CSP bypasses that you can try by @renniepak: cspbypass.com It has a compilation of bypasses, based on the exact CSP you're up against.  Here’s a quick tutorial on how to use it 👇

youtube.com/live/iZE_iHcv7… Our researchers spent several weeks developing a full Chrome exploit chain and wondered about the current state-of-the-art in this area. For the benefit of the community, we invited the GOAT of browser exploitation, @5aelo, to share his perspectives on modern browser security and exploitation. This event will be live-streamed on YouTube and open to everyone. Submit your questions: forms.gle/5gDKBibS6WkDx3… Add to Google Calendar: calendar.google.com/calendar/rende… Add to Outlook Calendar: outlook.office.com/calendar/0/dee…

Inspired by master @kinugawamasato, here's a DOMPurify bypass, found by Codex: ```html ``` SAFE_FOR_TEMPLATES is a DOMPurify option that strips template syntax like {{...}} so sanitized HTML can't smuggle expressions into a framework like Vue. This bypasses it. How it works: DOMPurify's job is to delete dangerous code like {{...}} before it reaches Vue. Normally it checks twice, but the RETURN_DOM option skips the second check. So we sneak the payload past the first check by chopping {{...}} into harmless looking pieces, with junk tags between them. DOMPurify strips away the junk tags, the pieces fall back together into {{...}}, and Vue runs the code. Fixed in 3.4.0. Detailed breakdown: github.com/cure53/DOMPuri…

Cyber Skills Level-Up! 2026 Ep02 UTP, Perak, Lets gooo!! linkedin.com/posts/cyberski…

New research: We were able to access camera permissions and obtain user GPS coordinates across 20+ major mobile wallets by exploiting WebView misconfigurations. Here's how ↓

Alhamdulillah diberi peluang untuk hasilkan video travel Malaysia bersama @mshaffuan07

There are very few people in the #bugbounty community that share their stellar research in this day and age. Massive respect. @brutecat made half a million hacking Google with AI, and he also shared his prrompts and techniques! brutecat.com/articles/hacki…

We sent Claude Mythos Preview spelunking through Squid’s guts, and it surfaced clutching a 29-year-old bug. Meet Squidbleed: a Heartbleed-style vulnerability that leaks internal memory from every version of Squid Proxy, in its default configuration. Full story: blog.calif.io/p/squidbleed-c…

Kelas still open bagi yg mana tak sempat! 1. Join terus (Google Meet): meet.google.com/jhc-hknn-zyc 2. RSVP / add ke calendar (optional): calendar.app.google/CN4BMuRMEuYE83… 3. Join Telegram komuniti untuk updates, kelas dan talk akan datang: t.me/+Ny96BtOxjV5iN… Jumpa malam ni!

今年も AVTOKYO2026 ！ 📅 2026年11月21日（土）※今年は土曜日に戻ります 📅 November 21, 2026 (Sat) — back to Saturday! 📍 TK NIGHTCLUB, Shibuya, Tokyo CFP/CFX will open soon. no drink, no hack. avtokyo.org/avtokyo2026 #avtokyo

> be pakistan government > develop custom malware > used to target high profile targets > used against indian military and political ppl > named SHEETCREEP > send indian ppl file > UAE-India Strategic Partnership Week > malicious .lnk file > .lnk executes malicious c sharp code > does a bunch of stuff for persistence > exfiltrates data to Google Sheets > Google Sheets can be used to control victim pcs > pakistan gov hardcodes google c2 sheet > PAKISTAN GOV HARDCODES GOOGLE C2 SHEET > embed access key in payload > EMBED ACCESS KEY IN PAYLOAD > malware nerds find it > look inside > find all targets from pakistan gov > monitoring 91 ppl they think important THEY STARTED SO STRONG. WHY DID YOU HARDCODE EVERYTHING. YOU BURNED YOUR OPERATION securonix.com/blog/sheetcree…

@vx_antibi0tic @offsectraining Power!!

My first attempt Exploit Developer (OSED) EXP-301 exam just passed! I enjoyed especially content that pushed down from exp-401. x64 vm-escape & dev shellcode. It's also fun to be able to read assembly in depth, heap/stack, reverse, and bypass aslr/dep. Thank you @offsectraining.

we have server RCE now too. with client + server, this is now wormable 😄 we have some other wormables too :D stay tuned

The video of the Kernel-Hack-Drill Masterclass that I gave in Kuala Lumpur🌴 A lot of live demos of Linux kernel attacks and defenses🛠 youtube.com/watch?v=zXVqGa…

Recording is now available!! youtube.com/watch?v=9kxwQC…

SharePoint Server RCE via webshell upload — CVE-2026-45454. A user with basic Contribute perms can upload an ASPX webshell to the Master Page Gallery and get code execution as the app pool identity. One HTTP request, no admin needed. Patch now. aretiq.ai/research/12/

meanwhile in Kuala Lumpur.. am i going to jail?