Web Sec

GraphQL Introspection: Exposing API Architecture

Using introspection queries to map hidden GraphQL APIs and surface unauthenticated query paths in production endpoints.

Exploit

Jenkins Exploitation: Script Console RCE

Exploiting exposed Jenkins Script Console endpoints for immediate unauthenticated remote code execution and post-exploitation.

Web Sec

CORS Misconfiguration & Data Exfiltration

How misconfigured CORS headers let attackers steal sensitive data from authenticated sessions across origins.

Web Sec

Unauthorized Cache Purge: DoS via HTTP Methods

Abusing CDN cache-purging endpoints over HTTP to cause targeted denial of service without authentication.

Exploit

React2Shell: Modern Web Frameworks as Attack Vectors

How React-based SPAs expose attack surface through client-side bundling, public source maps, and exposed API schemas.

Exploit

CVE-2025-24893: Unauthenticated RCE in XWiki

Template injection in XWiki's search endpoint leading to unauthenticated remote code execution on the host.

Exploit

Mirth Connect RCE: Healthcare Meets Insecure Defaults

Exploiting default credentials and an exposed Groovy console in Mirth Connect for RCE in healthcare environments.

Exploit

Sudo NSS Library Hijack: From User to Root

Abusing NSS plugin loading in sudo to inject a malicious shared library and escalate to root without a CVE.

Exploit

Post-Exploitation Part 1: Privilege Escalation

Techniques for local privilege escalation after initial access: SUID binaries, sudo misconfigs, cron jobs, and kernel exploits.

Network

Post-Exploitation Part 2: Pivoting

Network pivoting techniques after gaining a foothold: SSH tunnels, proxychains, and lateral movement through segmented networks.

Network

Detecting Firewalls Before They Detect You

Passive and active techniques for fingerprinting firewall rules and WAF behaviour without triggering IDS alerts.

Culture

The Death of the Underground Hacking Scene

The hacking underground shifted from curiosity and idealism to commoditization. Where did the culture actually go?

Tools

Microsurf: Stripping Windows 10 Down to the Metal

Removing telemetry, bloat services, and background processes to build a minimal, privacy-respecting Windows 10 install.

Tools

gr4v1ty: Network-Wide Ad Blocking on a $0 Server

Running DNS-level network ad blocking on a spare Android device with no additional hardware cost.

Tools

VANTA: Official Documentation

Complete reference for VANTA, a modular security framework in Go with a stdin/stdout JSON protocol for any-language modules.

Tools

vmwarecommander: VMware Workstation for Every Linux Distro

A Bash utility automating VMware Workstation kernel module compilation and setup across major Linux distributions.