exploit-development

2026

February 9, 2026 Building a Headless Browser RCE with Claude Opus 4.6 Using Claude Opus 4.6 to build a working RCE exploit for a heap buffer overflow in PhantomJS, from existing CVE to PoC.
February 1, 2026 Hunting for Deserialization Gadgets in the Rails Ecosystem Walking through the process of identifying a deserialization gadget chain commonly available in Ruby on Rails applications.

2025

December 17, 2025 DNS Rebinding Attacks Against SSRF Protections How DNS rebinding bypasses common SSRF protections by exploiting the gap between DNS resolution and connection time, with practical attack techniques and defenses.

2022

February 18, 2022 Java Deserialization Vulnerabilities Understanding Java deserialization from serialization internals to exploitation, with a walkthrough of using ysoserial gadget chains to achieve RCE on Apache OpenMeetings.

2021

December 2, 2021 SSTI In Python Frameworks Exploiting Server-Side Template Injection in Jinja2 and Django, from MRO traversal to remote code execution, with detection and prevention strategies.
November 5, 2021 Discovering a Blind SQL Injection: Whitebox Approach Finding and exploiting CVE-2021-43481, a time-based blind SQL injection in webTareas, discovered through source code review.