Recent Articles

<POC/>

React2Shell (CVE-2025-55182) - Critical Vulnerability in React Server Components

Deep dive into the React2Shell vulnerability affecting Next.js 15.x. Learn how the exploit works, how to set up a Docker lab, and advanced exfiltration techniques.

<IA/>

Hacking AI - Attacks on Language Models

Detailed analysis of vulnerabilities in AI models and manipulation techniques in Machine Learning, especially in Large Language Models (LLMs), including prompt injection and jailbreak strategies

<POC/>

CVE-2025-24071 - Filter netNTLMv2 Credentials with a simple ZIP

In this blog post, a proof-of-concept (PoC) is presented that demonstrates how a malicious `.library-ms` file can be used to capture netNTLMv2 credentials without the need for the victim to interact with the file. Simply unzipping the file is enough to trigger the vulnerability (CVE-2025-24071).

<Tools/>

Upgopher, A Lightweight and Efficient File Server

This article provides a quick analysis of Upgopher, a simple web server for uploading and managing files, designed for both local and remote environments, maximizing portability and minimizing compatibility issues.

<Tools/>

Setting Up MultiEvilnoVNC with HTTPS

This guide provides detailed instructions for setting up MultiEvilnoVNC, including preparing Docker containers, configuring Nginx, obtaining SSL certificates with Certbot, and modifying the startup script to ensure proper functionality. Additionally, it covers how to run the tool and manage and view sessions of websites visited by users.

<Technologies/>

Password Security Policies (PSO) in Active Directory (AD)

Password Security Policies (PSO) in Active Directory (AD) are a critical component in a corporate network's security infrastructure. PSOs allow system administrators to enforce strict and customized rules for password creation and usage across the network, thus ensuring that all users adhere to best information security practices.

<Experiences/>

My OSCP Experience

OSCP Exam Experience - Detailed Review, Tips & Journey to Passing the Offensive Security Certified Professional Certification | Personal Insights from the PWK Labs and 24-Hour Penetration Testing Challenge

<POC/>

POC log4j exploit.

Log4j - Complete Exploitation Guide & Proof of Concept | Detailed Walkthrough of the Critical Log4j Security Flaw with Real-World Attack Scenarios and Mitigation Strategies

<Tools/>

PoFish, a docker for phishing

Lately I have been making several phishing attempts. For one reason or another, I have had to perform the same configuration of the same applications in different environments. For this reason I have created a Dockerfile which, once built, can be deployed with different options to perform a phishing exercise.

<Experiences/>

How to Solve the Monkey Vulnerable Machine

Learn how to solve a CTF machine in this post. Discover how to perform a login bypass, decrypt hashes, escalate privileges, and more.
