eval.blog

This site contains research, technical papers, projects, and insights on systems programming, security, artificial intelligence, and game development by Vikrant aka 0xcrypto.

Recent Research

Stealing OAuth tokens of connected Microsoft accounts via open redirect in Harvest App

October 21, 2023 ◦ 4 min ◦

Vikrant Singh Chauhan

If you are coming from any link aggregrator website reading the old title "Microsoft Account's...

Breaking The Mutant Language's "Encryption (Writeup)"

August 15, 2023 ◦ 22 min ◦

Vikrant Singh Chauhan

Last year, my friend Gaurav Gogia presented Mutant Programming Language at Nullcon Goa 2022 as a way...

CraftCMS Zero-day Chain: XSS to SSTI triggering RCE

Public Disclosure of CVE-2021-27902 and CVE-2021-27903

July 29, 2021 ◦ 14 min ◦

Vikrant Singh Chauhan

Public Disclosure of CVE-2021-27902 and CVE-2021-27903 Overview CraftCMS allows users to upload file...

More Writeups ≫

Recent Blog Posts

Simple Prompts to get the System Prompts

December 30, 2024 ◦ 4 min ◦

Vikrant Singh Chauhan

AI wrappers are everywhere these days, but their security is often overlooked. In this article, we w...

The curse of blindness and knowledge

April 20, 2024 ◦ 3 min ◦

Vikrant Singh Chauhan

As an average guy trying to win in the industry of high intellectual people, I often look into my le...

A list of good and bad learning resources

August 20, 2023 ◦ 6 min ◦

Vikrant Singh Chauhan

The Internet is full of free content to learn about computers and programming in general. However, n...