Dhiraj

Identified a vulnerability in dtprobed (DTrace) where a crafted USDT provider names lead to arbitrary file creation outside intended paths, leading to LPE. linux.oracle.com/errata/ELSA-20… #infosec

The red team tradecraft behind hard-to-detect AI phishing. derivai.substack.com/p/red-team-tra… #infosec #redteam

Here’s my write-up on a code execution in Google Gemini CLI. @dhiraj_mishra/code-execution-in-google-gemini-4e5909ec167d" target="_blank" rel="nofollow noopener">medium.com/@dhiraj_mishra… #infosec

I found a uXSS in DuckDuckGo Browser and here is the write-up. @dhiraj_mishra/duckduckgo-browser-uxss-via-autoconsent-js-bridge-02e3bc27a430" target="_blank" rel="nofollow noopener">medium.com/@dhiraj_mishra… #infosec

Through libFuzzer, Integer overflow when processing specially crafted ICO image files, leading to memory corruption in GIMP. github.com/inputzero/Secu… #infosec #fuzzing

I am sharing it, as this also affects self-hosted runners, usually enterprise servers aren't hardened enough so you can test this during RT/PT. (#hardening-for-self-hosted-runners" target="_blank" rel="nofollow noopener">docs.github.com/en/actions/ref…)

GH response via H1 - This is an intentional design decision. If you're able to gain a token and access contents outside of your repository's scope, we would certainly be interested.

I started reversing GitHub Actions, focusing on escaping the container responsible for running the jobs and found and exploited a volume injection vulnerability that was marked as informative on H1 by GH security. #infosec #redteam

We are sharing it, as this also affects self-hosted runners, usually enterprise servers aren't hardened enough so you can test this during RT/PT. (#hardening-for-self-hosted-runners" target="_blank" rel="nofollow noopener">docs.github.com/en/actions/ref…)

GH response via H1 - This is an intentional design decision. If you're able to gain a token and access contents outside of your repository's scope, we would certainly be interested.

Here is the POC for Claude code RCE via crafted folder. github.com/RootUp/claude-… #infosec #redteam

pwn'ed - HTB BlackSky Hailstorm. #infosec #HTB

@steventseeley This is so cool.

Samstung Part 1 :: Remote Code Execution in MagicINFO 9 Server srcincite.io/blog/2026/01/2…

Found a bypass in `xmldsigjs` that allows XML signature wrapping, letting modified data pass the signature verification; This is now fixed in 2.8.5. POC - (github.com/inputzero/Secu…) #infosec

Here is the write-up for my recent work RCE in AWS Kiro IDE (CVE-2026-0830). @dhiraj_mishra/cve-2026-0830-aws-kiro-gitlab-helper-remote-code-execution-1f826469228d" target="_blank" rel="nofollow noopener">medium.com/@dhiraj_mishra… #infosec #AI

Cobalt Core member @RandomDhiraj demonstrates how a malicious .git/config can trigger execution via IDE automation, turning a routine action into an initial access vector. Read on → hubs.la/Q03ZJYwr0

@Blackhatmea If you’re around, feel free to drop by and say hello. I’ll have a little swag to share too.

I'll be presenting at @Blackhatmea, 02 Dec (Tuesday) about my C2 (MeetC2) which uses Google APIs as a covert communication channel between operators and a compromised system. Ping me if you are around! blackhatmea.com/agenda-2025 #infosec #redteam