PhD, AI & Infosec enthusiast
Academic and technical background in AI and infosec. My work focuses on the intersection of AI and cybersecurity, both offensive and defensive.
Fear the EAR (Exit After Redirect) is a simple yet often overlooked vulnerability that can allow authentication bypass. This short post walks through the discovery process, how I exploited the issue, and how it was responsibly reported back to the program. Read more
![Struts your way into Strongkey [RCE]](/images/c3Ryb25na2V5LXJjZQo=.png)
Here's how I could pwned StrongKey, while exploiting an already released patch CVE. And this is why it's important to keep your component updated ! Read more
Local file include can be used by developers to retrieve files in the current working directory, however when an attacker locate the vulnerable endpoint, he can jump directories to read sensitive system files And this what happens when I was conducting my usual academic work till observing this LFI ! Read more
This is how I managed to solve a processing problem of a hudge json blob data, combining jq, and bash ! Read more
![Inside a global leader in CyberSecurity [bitdefender dashboard]](/images/Ynhzcy1iaXRkZWZlbmRlcgo=.png)
In this post, I describe how I was able to access the internal administrator dashboard of one of the well-known antivirus softwares (Bitdefender) by exploiting a blind xss and session hijacking. Read more
In this article, I'm describing my first steps into the linux world, and covering some definitions, as well as my experience through this nice world ! Trying to answer the second question, why I use it, and why you should too ? Read more