2026-01-31T15:38:48+00:00 https://x-c3ll.github.io 2026-01-30T10:00:00+00:00 /posts/Rant-Red-Team a rant about Red Teaming. 2024-08-25T00:03:37+00:00 /posts/comics An inventory of my current comics. 2024-07-15T00:03:37+00:00 /posts/Now-is-personal New approach for this blog. 2020-07-12T01:03:37+00:00 /posts/rogue-mysqld-steal-net-ntlm Hooking mysqld to steal net-NTLM hashes from developers. 2020-05-28T11:22:33+00:00 /posts/GetEnvironmentVariable-Process-Injection Brief description of how to use GetEnvironmentVariable as an alternative to WriteProcessMemory 2020-02-09T01:13:37+00:00 /posts/UAF-PHP-disable_functions Overview of PHP internals related with disable_functions and how common exploits works 2019-12-06T13:48:08+00:00 /posts/Pivoting-MySQL-Proxy Description of how to pivot though the MySQL service. Turning MySQL into a SOCKS5 that can be used by proxychains. 2019-11-01T12:00:00+00:00 /posts/blackbox-lief-kaitai Article describing how we used LIEF to isolate target functions and kaitai to describe the protocol. 2019-10-16T01:00:00+00:00 /posts/CSS-Injection-Primitives Collection of CSS / HTML primitives. Tricks to use as an alternative to JavaScript (exfiltration, timing, etc.) 2019-09-04T01:00:00+00:00 /posts/CVE-2018-7081-RCE-ArubaOS Walkthrough of discovering CVE-2018-7081 (memory corruption). Proof of Concept inside :) 2019-06-05T13:30:07+00:00 /posts/windows-port-knocking Example of how WFP can be used to communicate with an infected machine 2019-04-01T11:00:00+00:00 /posts/rethinking-inotify Examples of how the inotify API can be useful for the Red Team 2018-12-09T13:00:00+00:00 /posts/find-bypass-disable_functions Some ideas about how to extract hidden parameters in PHP functions and how to find potential bypasses 2018-11-09T15:00:00+00:00 /posts/DNS-endpoint-exfiltration Brief tutorial of how to use backend pipes in PowerDNS for exfiltration 2018-10-11T12:00:00+00:00 /posts/nn8ed-CTF Solutions to the challenges made by me in Navaja Negra CTF (Web, Pwn, Rev. & Misc.) 2018-08-14T13:11:37+00:00 /posts/swoole-deserialization-cve-2018-15503 Description of how the vulnerability was found and a few indications about its explotability 2018-07-28T12:00:10+00:00 /posts/PHP-extension-backdoor Article about how to build backdoors for the Zend Engine. 2018-07-05T13:00:37+00:00 /posts/Frida-Pwn-Adventure-3 Learn the basic usage of Frida with this tutorial. Build your own cheat with Frida. 2018-06-27T13:37:00+00:00 /posts/PAM-backdoor-DNS Description of how to backdoor PAM and exfiltrate credentials via DNS requests. Capture credentials FTW! 2018-05-08T12:00:00+00:00 /posts/forkpty-dnscat2 Quick article about how to improve well-known tools used in pentests. Forkpty() FTW!! 2018-03-09T12:00:00+00:00 /posts/bypass-wordpress-plugins Article about how to subvert file integrity checks made by most popular WordPress Plugins 2018-02-24T12:00:00+00:00 /posts/parasite-web-server-process Example of how to abuse permissive environments to infect processes with custom code using ptrace 2018-02-08T12:00:00+00:00 /posts/javascript-antidebugging List of antidebugging techniques applied to JavaScript (focused on browsers) 2018-02-03T10:00:00+00:00 /posts/impeldown-python-jail Solution to an easy python jail challenge 2018-02-02T12:00:00+00:00 /posts/fileless-memfd_create An example of how to drop modules on a target using the syscall memfd_create