Articles tagged "security"

Article · Malware Analysis & Reverse Engineering · Advanced

My Experience on How RAT Communication Works

In this article, I share my experience and insights on how Remote Access Trojan (RAT) communication works. How RATs establish a TLS connection over port 443, creating an evasion technique to bypass network security measures.

Mar 15, 2026
Tags: security, advanced, malware_and_reverse_engineering, rat
Article · Decentralized Systems Security · Intermediate

AMM Invariant Drift: How Fee Accumulation and Donation Attacks Break Constant-Product Assumptions

The constant-product invariant — `x * y = k` — is the mathematical backbone of every Uniswap V2-style AMM. It is elegant, deterministic, and, in pure mathematical terms, unbreakable.

Feb 18, 2026
Tags: tutorial, security, intermediate, decentralized_systems_security
Article · Detection & Defense · Advanced

Building a Forta Bot to Detect Flash Loan-Funded Governance Attacks in Real Time

This content is provided for **EDUCATIONAL** and **AUTHORIZED SECURITY TESTING** purposes only.

Feb 18, 2026
Tags: tutorial, security, advanced, detection_and_defense
CVE · CVE-2005-2773 · CRITICAL 9.8/10

CVE-2005-2773: When Your Network Management Platform Becomes the Attacker's Command Line

In enterprise security, the cruelest irony is when the tool you deploy to *monitor* your network becomes the tool an attacker uses to *own* it.

Feb 18, 2026
Tags: cve, security, critical
CVE · CVE-2007-5659 · HIGH 7.8/10

CVE-2007-5659: The PDF That Could Own Your Machine — Adobe's JavaScript Buffer Overflow Problem

Before endpoint detection was mature and sandboxing was standard, PDF files were one of the most reliable vectors for mass exploitation.

Feb 18, 2026
Tags: cve, security, high
CVE · CVE-2008-2992 · HIGH 7.8/10

CVE-2008-2992: When Adobe Acrobat's JavaScript Engine Turned PDFs Into Remote Code Execution Weapons

Let's cut through the surface-level description: this isn't just a "buffer overflow in a PDF reader.

Feb 18, 2026
Tags: cve, security, high
CVE · CVE-2009-0557 · HIGH 7.8/10

CVE-2009-0557: The Excel Object Record Corruption That Turned Spreadsheets Into Attack Vectors

In 2009, opening a spreadsheet from a colleague could hand an attacker full control of your machine—and most people had no idea the file format they trusted every day was a loaded weapon.

Feb 18, 2026
Tags: cve, security, high
CVE · CVE-2009-1862 · HIGH 7.8/10

CVE-2009-1862: When Your PDF Reader Became a Drive-By Download Target

In the summer of 2009, attackers found a way to turn two of the most trusted file formats on the internet—PDFs and SWF files—into silent malware delivery machines.

Feb 18, 2026
Tags: cve, security, high
CVE · CVE-2009-3129 · HIGH 7.8/10

CVE-2009-3129: The Excel FEATHEADER Vulnerability That Turned Spreadsheets Into Weapons

To understand this vulnerability, you need to know what a `FEATHEADER` record is. Excel's binary file format (`.

Feb 18, 2026
Tags: cve, security, high
CVE · CVE-2009-3953 · HIGH 8.8/10

CVE-2009-3953: When a 3D Model Becomes a Root Shell

Let's talk about Universal 3D (U3D) for a moment, because most people don't realize it's even *in* a PDF.

Feb 18, 2026
Tags: cve, security, high
CVE · CVE-2010-0188 · HIGH 7.8/10

CVE-2010-0188: The PDF That Owned Your Enterprise — A Definitive Analysis

In 2010, if you wanted to silently compromise a target's machine, you didn't need a zero-day in the OS kernel or a sophisticated supply chain attack — you sent them a PDF.

Feb 18, 2026
Tags: cve, security, high
CVE · CVE-2010-0840 · CRITICAL 9.8/10

CVE-2010-0840: When Java's Trust Hierarchy Becomes Your Attack Surface

The JVM security model was supposed to be the gold standard for sandboxed execution—the whole premise of "write once, run anywhere" depended on it.

Feb 18, 2026
Tags: cve, security, critical
CVE · CVE-2010-2572 · HIGH 7.8/10

CVE-2010-2572: When a 15-Year-Old File Format Becomes a Modern Weapon

Here's the thing about legacy format parsers: they're almost always written once and then forgotten. Nobody refactors the PowerPoint 95 parser when they ship Office 2003.

Feb 18, 2026
Tags: cve, security, high
CVE · CVE-2010-3765 · CRITICAL 9.8/10

CVE-2010-3765: When Firefox's Layout Engine Became a Drive-By Download Machine

In October 2010, attackers didn't need a phishing email, a malicious attachment, or any social engineering beyond "visit this website.

Feb 18, 2026
Tags: cve, security, critical
CVE · CVE-2010-3962 · HIGH 8.1/10

CVE-2010-3962: The IE Use-After-Free That Kicked Off the Modern Browser Exploitation Era

Here's the thing — use-after-free vulnerabilities have a reputation for being "complex." CVE-2010-3962 is a perfect case study in why that reputation is misleading.

Feb 18, 2026
Tags: cve, security, high
CVE · CVE-2011-0611 · HIGH 8.8/10

CVE-2011-0611: The Flash Type Confusion That Rewrote Spear-Phishing Forever

A PDF lands in your inbox. You open it. You didn't click anything sketchy, didn't enable macros, didn't ignore a warning. You just *opened a file*.

Feb 18, 2026
Tags: cve, security, high
CVE · CVE-2011-1823 · HIGH 7.8/10

CVE-2011-1823 (Gingerbreak): How Android's Volume Daemon Handed Root to Anyone Who Asked Nicely

`vold` — the Volume Daemon — is an Android system process that runs as root. Its job is managing storage volumes: SD cards, USB drives, partitioning, mounting.

Feb 18, 2026
Tags: cve, security, high
CVE · CVE-2011-1889 · CRITICAL 9.8/10

CVE-2011-1889: When Your Firewall Client Becomes the Attack Surface

The bitter irony of this vulnerability is that the software designed to protect your network—the Forefront TMG firewall client—was itself the open door attackers could walk through.

Feb 18, 2026
Tags: cve, security, critical
CVE · CVE-2020-37153 · CRITICAL 9.8/10

CVE-2020-37153: When Your VoIP Billing Platform Becomes a Root Shell

Here's the thing about a CVSS 9.8 that's classified under CWE-79 (XSS): the headline weakness understates the real danger.

Feb 18, 2026
Tags: cve, security, critical
CVE · CVE-2026-1731 · CRITICAL 9.8/10

CVE-2026-1731: When Your Privileged Access Tool Becomes the Attacker's Front Door

Here's the thing about CWE-78 (OS Command Injection)—it's not a subtle, clever vulnerability class.

Feb 18, 2026
Tags: cve, security, critical
Article · Malware Analysis & Reverse Engineering · Advanced

Defeating Self-Modifying Code in VM-Protected Binaries: A Practical Unpacking Workflow with x64dbg Scriptable Breakpoints

Commercial protectors like Themida and VMProtect do not simply compress or encrypt code — they *architecturally replace* it.

Feb 18, 2026
Tags: tutorial, security, advanced, malware_and_re
Article · Hardware & Firmware Security · Beginner

Extracting Firmware from SPI Flash Chips Using a Bus Pirate and Clip-On Probes

This content is provided for **EDUCATIONAL** and **AUTHORIZED SECURITY TESTING** purposes only.

Feb 18, 2026
Tags: tutorial, security, beginner, hardware_and_firmware
Article · Web App & API Security · Advanced

GraphQL Alias Batching as a Rate-Limit and IDOR Bypass Primitive

GraphQL was designed to give clients power — the power to ask for exactly what they need, composed however they like, in a single round-trip. That composability is also its security paradox.

Feb 18, 2026
Tags: tutorial, security, advanced, web_app_security
Article · Decentralized Systems Security · Intermediate

IBC Channel Security: How Unordered Channels Enable Cross-Chain Replay Attacks on Cosmos

The Inter-Blockchain Communication protocol (IBC) is one of the most sophisticated pieces of engineering in the blockchain space.

Feb 18, 2026
Tags: tutorial, security, intermediate, decentralized_systems_security
Article · Network & Infrastructure · Intermediate

IPv6 Rogue Router Advertisements: Hijacking Windows and Linux Hosts on Dual-Stack Networks

Most security teams have a coherent IPv4 policy. Firewalls, DHCP snooping, ARP inspection — the usual suspects are configured and audited.

Feb 18, 2026
Tags: tutorial, security, intermediate, network_and_infra
Article · Hardware & Firmware Security · Beginner

Mapping UART Pinouts on Mystery Boards with a Multimeter and Logic Analyzer — No Silkscreen Required

You've just received a hardware target through a bug bounty program — a compact IoT router, a smart home hub, or an industrial gateway.

Feb 18, 2026
Tags: tutorial, security, beginner, hardware_and_firmware
Article · Methodology & Mindset · Beginner

The Handoff Problem: Writing Bug Reports That Survive a Triage Engineer's First 90 Seconds

This content is provided for **EDUCATIONAL** and **AUTHORIZED SECURITY TESTING** purposes only.

Feb 18, 2026
Tags: tutorial, security, beginner, methodology_and_mindset
Article · Decentralized Systems Security · Advanced

Threshold Signature Ceremony Attacks: How a Single Malicious Participant Biases Key Generation in FROST

MPC wallets have become the infrastructure layer of institutional crypto custody. The promise is compelling: no single key, no single point of failure.

Feb 18, 2026
Tags: tutorial, security, advanced, decentralized_systems_security
Article · Hardware & Firmware Security · Advanced

Voltage Glitching the STM32F1 Read-Out Protection: A Step-by-Step Crowbar Attack

This content is provided for **EDUCATIONAL and AUTHORIZED SECURITY TESTING** purposes only.

Feb 18, 2026
Tags: tutorial, security, advanced, hardware_and_firmware
CVE · CVE-2002-0367 · HIGH 7.8/10

Monitor for suspicious debugging activity

The fact that this vulnerability received a CVSS score of 7.8 (HIGH) is appropriate, though by today's standards, any reliable local privilege escalation to SYSTEM would likely score higher.

Feb 17, 2026
Tags: cve, security, high
CVE · CVE-2006-2492 · HIGH 8.8/10

CVE-2006-2492: The Word Document That Changed Everything

In May 2006, a single malicious Word document exposed a vulnerability so dangerous that Microsoft issued an emergency patch outside their normal update cycle—something they rarely did back then.

Feb 17, 2026
Tags: cve, security, high
CVE · CVE-2007-0671 · HIGH 8.8/10

CVE-2007-0671: The Excel Zero-Day That Rewrote the Rules of Office Security

When an "unspecified vulnerability" starts showing up in targeted zero-day attacks with a file named "Exploit-MSExcel.h," you know Microsoft's having a very bad day.

Feb 17, 2026
Tags: cve, security, high
CVE · CVE-2024-7347 · MEDIUM 4.7/10

CVE-2024-7347: NGINX's MP4 Module Memory Overflow Threatens Video Streaming Infrastructure

When the world's most popular web server has a vulnerability in its video processing module, millions of streaming services just became potential targets for denial-of-service attacks.

Feb 17, 2026
Tags: cve, security, medium
Article · Tutorials · Advanced

HTTP Request Smuggling: Desync Attacks in 2026

This content is provided for EDUCATIONAL and AUTHORIZED SECURITY TESTING purposes only.

Feb 17, 2026
Tags: tutorial, security, advanced, http-smuggling
Article · Methodology & Mindset

The Checklist Illusion: Why "Green" Isn't "Safe"

A deep dive into the reality of the Checklist Developer and why your green tick is probably a lie. Why 18 years in the trenches taught me that true security is constant, paranoid curiosity—not pipeline checkmarks.

Feb 16, 2026
Tags: security, methodology, dev-culture, checklist
Article · Notebook

Welcome to 0xrafasec — Where Security Gets Real

Why this security research blog exists, what you'll find here, and how to get the most out of it — from CVE breakdowns to hands-on hacking tutorials.

Feb 16, 2026
Tags: welcome, security, about