Sharp Security

About:

Sharp Security is a website focused on topics related to hacking, OSINT, and cryptocurrency.

Website:

sharpsec.run

Specializations:

Software Developer Cybersecurity Expert

Incoming Links:

Bogdan Deac

Outgoing Links:

Schneier on Security
Subscribe to RSS:
Link

0RCE Vulnerability in QBittorrent

2024-10-30

The text discusses a Remote Code Execution (RCE) vulnerability in qBittorrent's DownloadManager class that ignored SSL certificate validation errors for 14 years. The vulnerability requires MITM access or DNS spoofing to exploit a...

0Connection-Locked CL.TE HTTP De-Sync Attacks

2022-10-27

The text discusses HTTP De-Sync attacks, which are complex but powerful and versatile. It explains the concept of Connection-Locked CL.TE Desync and how to detect it. The author shares their journey of developing attacks, exploits...

0Client Side De-Sync and Synch0le

2022-10-22

The text discusses a new technique called Client-Side De-Sync attack, which confuses the server about the boundaries of the requests. It explains the four steps to perform the attack and introduces a tool called Synch0le to scan t...

0PoC Exploit Development: Apache Any23 RCE

2022-10-06

The text discusses the process of developing a proof of concept (PoC) exploit for an RCE vulnerability in Apache's Any23 service. The author details the steps taken to identify and exploit the vulnerability, including reverting th...

0TryHackMe Writeup: Reversing ELF

2022-09-28

The text is a writeup of a series of reverse engineering challenges, where the author explains the process of cracking each challenge and obtaining the flag. The challenges range from simple execution and string analysis to more c...

0DVWA: Weak Session IDs – Impossible Difficulty Part II

2022-08-09

The text discusses the method for cracking the cookies issued by an instance of PHP issuing outputs from mt_rand(). It explains the flaws in the method used and the optimization to solve the problems. It also introduces the techni...

0DVWA: Weak Session IDs – Impossible difficulty Part I

2021-09-05

The text discusses the author's experience with the DVWA, a vulnerable web application designed for beginners to practice hacking. The author describes the challenges, particularly the Weak Session IDs challenge, and the different...

0whoami

2021-09-04

The author has been interested in hacking and infosec since 2012, and has been learning and developing coding skills in Java, C++, and Python. They have recently started to give hacking a concerted try and are enjoying developing ...