1. Stealing OAuth tokens of connected Microsoft accounts via open redirect in Harvest App

    If you are coming from any link aggregrator website reading the old title "Microsoft Account's OAuth tokens leaking via open redirect in Harvest", I apologise for the po…

    2. Breaking The Mutant Language's "Encryption (Writeup)"

    Last year, my friend Gaurav Gogia presented Mutant Programming Language at Nullcon Goa 2022 as a way to "push security left". He developed this language as a way to encry…

    3. CraftCMS Zero-day Chain: XSS to SSTI triggering RCE

    Overview CraftCMS allows users to upload files via its Asset field. But the storage feature known as a volume within Craft CMS can be configured to point to any directory. This abi…
    More in Research >>

    Blog Posts

    1. Utilizing unit testing frameworks as a vulnerability scanner

    Understanding the problem Finding vulnerabilities is a complex process and what's more complex is exploiting the vulnerabilities across multiple targets in different configurations…

    2. A list of good and bad learning resources

    The Internet is full of free content to learn about computers and programming in general. However, not every place you learn from will teach you the best and oftentimes, they will …

    3. Meet Default RED

    Consider this article as the launch of Default RED, however, we are not completely new to the industry. Some of you may remember our operations by a former name, Hackberry, which I…
    More in Blog Posts >>


    1. Mutant Cure

    2. Project PURGE

    Following are some of the public repositories belonging to Project PURGE: OSINT Data webdetect

    3. whack

    More in Projects >>