All Posts
-
CVE-2026-22787: Cross-Site Scripting (XSS) Vulnerability in html2pdf.js Library
A Cross-Site Scripting (XSS) vulnerability has been identified in the html2pdf.js library. The vulnerability exists due to unsanitized user input being directly assigned to the innerHTML property. This allows attackers to execute arbitrary JavaScript code in the context of the application, potentially leading to session hijacking, data theft, and unauthorized...
-
Game Hacking 101: Memory Manipulation in Mount and Blade Warband
Game hacking opens a window into how games store and manage data in memory. By understanding memory manipulation, you can modify in-game values, experiment with game mechanics, and gain deeper insights into how software works at a low level. In this guide, we’ll explore memory manipulation techniques using Mount and...
-
SQL Injection Vulnerability: Security Issue in GeoPandas to_postgis() Function
While using the GeoPandas library one day, I noticed something was wrong with the to_postgis() function. User inputs were being directly concatenated into SQL queries. This was a classic SQL injection vulnerability. After finding the vulnerability, I also wrote the fix myself and opened a pull request. In this post,...
-
CVE-2025-66019: LZW Decompression DoS Vulnerability in pypdf Library
PDF files use various algorithms to compress their content. This compression reduces file size but also carries some security risks. While conducting security research, I discovered a DoS (Denial of Service) vulnerability in the pypdf library’s LZW (Lempel-Ziv-Welch) decompression implementation. In this post, I’ll first explain how the LZW algorithm...
-
PassDetective: Detecting Passwords and Secrets in Your Shell History
Your shell command history might contain accidentally written passwords, API keys, or secrets. This information is stored in your history files and poses a security risk. PassDetective is a command-line tool that scans your shell history to detect such sensitive information. Available on both Kali Linux and NixOS, this tool...
-
AI-Powered CAPTCHA Bypass: Automating CAPTCHA Solving with GPT-4o and Gemini
While conducting security research, I wanted to test how effective CAPTCHAs really are. I was curious about how well modern AI models could solve visual and text-based CAPTCHAs. That’s why I developed a tool that uses large multimodal models (LMMs) like OpenAI’s GPT-4o and Google’s Gemini to automatically solve various...
-
exifLooter: Extracting Hidden Location Data from Images
While using exiftool in OSINT research, I developed exifLooter as an enhanced version that makes it easier to extract GPS coordinates and visualize them on OpenStreetMap. exifLooter is built on top of exiftool and provides a more practical solution, especially for extracting GPS coordinates and visualizing them on maps. Moreover,...
-
Hacking Instagram Scammers
Security research on Instagram phishing scams. Learn how scammers steal Instagram accounts through phishing websites and how to investigate them using OSINT techniques and XSS vulnerabilities.
-
Bypassing Door Passwords
Instead of a key, this type of lock system requires a numerical code to grant entry to a facility or property. The code is punched in by users via a numerical pad, similar to those on a basic calculator. If the correct code is entered, the door lock or deadbolt...