Using Microsoft SSO to Achieve Full Account Takeover
Aug 22, 2025
A nice bug caused by a wrong Microsoft SSO implementation.
How I found an RCE seconds after its publication
Aug 21, 2025
A detailed blog on how I found an RCE seconds after its publication using profundis.io's alerting feature.
What is an RCE after all? Just pieces of a puzzle put together - RCE with bits and pieces (CVE-2024-36415)
Feb 12, 2025
How I found a Remote Code Execution in SuiteCRM by abusing some weird app features and chaining multiple vulnerabilities. PoC for CVE-2024-36415.
Using XSS filters against XSS filters - Unexpected SQL Injection (CVE-2024-36412)
Feb 10, 2025
How I found a SQL injection in SuiteCRM by abusing the XSS filters. PoCs for CVE-2024-36408, CVE-2024-36409, CVE-2024-36410, CVE-2024-36411 and CVE-2024-36412.
Do you know - How URIs work?
Feb 1, 2021
I read all the RFCs about URIs so you don't have to. Here's a summary of the most important parts.
Do you know - How to use Google?
Jan 30, 2021
I searched for the best Google Dorks and GET parameters to help you with your OSINT research.
Do you know - How email formats work?
Jan 1, 2021
I read the RFCs so you don't have to. Here's everything you need to know about email addresses.
Writeup ECW 2020 - Web - Casino Royal
Oct 13, 2020
Writeup for the challenge Casino Royal from ECW 2020.
Writeup ECW Finals 2018 - Audit Active Directory
Nov 27, 2018
Writeup for the challenge Audit Active Directory from ECW Finals 2018.
Writeup NightHawk CTF Training Exercises - ImageMagick
Aug 27, 2018
Writeup for the challenge ImageMagick from TJCTF 2018.