2025-12-08

React2Shell turns React Flight’s unsafe deserialization into a clean exploit chain—prototype poisoning → Function constructor → child_process.execSync—allowing full server-side RCE from a single crafted Flight payload.

2025-12-07

By exploiting RSA’s multiplicative homomorphism and the tiny structured key space, a meet-in-the-middle attack reconstructs the AES key without breaking RSA, allowing full decryption of the FLAG.

2025-12-04

Notes covering IKE enumeration, PSK hash cracking, and sudo CVE-based root escalation.

2025-12-02

Pentest walkthrough including enumeration, PCAP analysis, credential extraction, and cap_setuid priv-esc.