16h ago · 7 min read · INTRODUCTION This research presents a full 0day XSS discovery and exploitation walkthrough conducted on the CI4MS application. The focus of this study is not a single XSS instance, but how a recurring
Join discussionApr 1 · 7 min read · A Mobile APK Vulnerability Chain in a private program: Client: redacted Method: Static analysis Severity: High to critical Findings: 5 Executive Summary: This write-up details a multi-stage vulnerabil
Join discussionFeb 7 · 3 min read · 📝 Quick Summary: MetaRadar is an Android application designed for monitoring and analyzing Bluetooth Low Energy (BLE) environments. It allows users to scan for BLE devices, track their presence, analyze their GATT services, and receive real-time ale...
Join discussionJan 18 · 4 min read · How “Free Tokens” Drain Wallets Without Touching Your Private Keys If you’ve been in crypto long enough, you’ve probably opened your wallet and seen some random token you never asked for. No announcement.No tweet.No Discord ping. Just there. Most peo...
Join discussionNov 15, 2025 · 10 min read · What`s up! 🌐 Hello dear reader — and welcome to Side Episode of my journey through Damn Vulnerable DeFi.I’m Pavel, aka kode-n-rolla, your guide through the world of Web3 security and smart-contract hacking. This series documents not just the solutio...
Join discussion
Oct 7, 2025 · 10 min read · “The easiest way to get started is to find some promising research by someone else, build on it by mixing in other techniques, then apply your new approach to some live targets to see if anything interesting happens” — James Kettle, Director of Resea...
Join discussion
Aug 22, 2025 · 9 min read · GMX is one of the leading decentralized perpetual exchanges in DeFi, enabling users to trade leveraged positions directly on-chain across Arbitrum and Avalanche. In July 2025, GMX suffered a critical exploit that drained approximately $42 million fro...
Join discussionMay 5, 2025 · 3 min read · Hi guys, Its David again, your favorite software developer and Security Researcher. I am back again with another report for you. Like i promised, i would make sure to be documenting all my bug findings. Had a busy week, so i utilized the weekend to m...
Join discussionMar 1, 2025 · 4 min read · By Kurshid Shaik | 03-01-2025 When it comes to web security challenges, OverTheWire’s Natas series is one of the most practical ways to learn hacking techniques in a controlled environment. Each level teaches real-world vulnerabilities, from basic au...
Join discussion
