Vikrant Singh Chauhan

Vikrant Singh Chauhan

About:

Vikrant Singh Chauhan, aka 0xcrypto, is a security software developer with interests in application security and programming languages.

Website:

eval.blog

Specializations:

Web Developer Software Developer Backend Developer Security Researcher Vulnerability researcher Exploit Developer Security Software Developer

Interests:

Application Security Cloud Security Endpoint Security Linux Darwin Systems Programming Languages Compilers

Outgoing Links:

Schneier on Security
Subscribe to RSS:
Link

0Simple Prompts to get the System Prompts

2024-12-30 security ai models developer

The article discusses how AI wrappers can be tricked into generating system prompts, exposing the limits put in place by developers. It provides various methods to get the system prompts and highlights the potential risks of AI mo...

0The curse of blindness and knowledge

2024-04-20 intelligence balance curse of knowledge student learning blindness

The text discusses the curse of blindness and the curse of knowledge, which are common problems faced by people trying to do something that requires intellect. The curse of blindness occurs when a person lacks knowledge and feels ...

0Stealing OAuth tokens of connected Microsoft accounts via open redirect in Harvest App

2023-10-21 cybersecurity oauth 2.0 software vulnerability

The text discusses a vulnerability in the Harvest app that allows for the stealing of access tokens through an open redirect in the OAuth application. It provides a proof of concept and details the process of reporting and fixing ...

0A list of good and bad learning resources

2023-08-20 programming computing learning education

The article provides a list of good and bad learning resources for computers and programming. It recommends official documentations, reputable boot camps and MOOCs, blogs by professionals, books, link aggregator websites, and repu...

0Breaking The Mutant Language's "Encryption (Writeup)"

2023-08-15 cybersecurity encryption programming language reverse engineering

The text is about the Mutant Programming Language, which was presented at Nullcon Goa 2022. The language is designed to encrypt code by mutating byte code in runtime. The author submitted the language as a challenge entry for CTF^...

0Meet Default RED

2023-08-14 cybersecurity turning red hackberry

The article introduces Default RED, formerly known as Hackberry, as a company focusing on cybersecurity products and vulnerability research. The author shares the challenges faced with Hackberry and the new approach with Default R...

0Utilizing unit testing frameworks as a vulnerability scanner

2023-01-12 cybersecurity software development software testing testing vulnerability assessment

The text discusses the use of unit testing frameworks as a vulnerability scanner, highlighting the flexibility and benefits of using unit tests over traditional vulnerability scanners. It provides a detailed guide on how to use xU...

0CraftCMS Zero-day Chain: XSS to SSTI triggering RCE

2021-07-29 security software vulnerability content management system cross-site scripting remote code execution server-side template injection

CraftCMS has a zero-day chain vulnerability that allows XSS to SSTI triggering RCE. The exploit chain consists of 3 vulnerabilities and 4 bugs, resulting in a monetary reward and 2 CVEs. The vulnerabilities have been fixed in vers...

0FILTER_VALIDATE_URL bypass in PHP 8

2021-07-16

...

0Untrusted code execution in PHPMailer

2021-07-10

...

0active_url validation check bypass in Laravel

2021-06-12

...

0POP Gadget using function injection in RequiredIf

2021-06-12

...

0Code Execution via Cross Site Scripting in Tagspaces (A file manager)

2021-06-11

...

0Relative Path Traversal in Flarum using fake OAuth Provider

2021-06-11

...

0XSS in Unified Transform (A school management software)

2021-05-18

...

0Getting Started with Greybox Testing

2021-04-07 cybersecurity software vulnerability bug bounty black box testing

The text discusses the concept of greybox testing, which involves accessing the source code to find vulnerabilities. It provides a step-by-step guide on how to get started with greybox testing, including choosing a target, finding...

0Coping with Burnout as a Security Researcher

2021-04-07 programming security hacking bug bounty

The text discusses the burnout experienced by a security researcher who transitioned from being a backend developer to bug bounty hunting. It delves into the challenges of bug bounty hunting, the difference between bugs and vulner...

0Stored Cross Site Scripting in October CMS

2021-04-03

...

0Cross Site Scripting in digidocu

2021-03-30

...

0Internal IP Address leak in Misconfigured WordPress to bypass WAF

2020-12-27 cybersecurity ip address content management system web application firewall

The text discusses the issue of IP address leakage in WordPress due to misconfiguration, which can bypass Web Application Firewalls like CloudFlare. It explains how the leakage occurs, the environment required for exploitation, an...