GainSec

Where OSINT, Hacking, Penetration Testing, Privacy, Piracy, Information Security, Cyber Security and Law are a lifestyle.

New Project: The Hackers Lunch Box

Been a long time! Just wanted to stop by and let y'all know I've created a new project on the GainSec GitHub! It's called The Hackers Lunch Box. Here's the description: High level attack and finding maps for all your penetration testing, hacking, bug bounty and red teaming needs! To be more specific, this is …

gainsec Information Security December 21, 2023

Cheap ‘n’ Easy Phishing (That Actually Works)

A lecture demonstrating how I compromised a trillion dollar organization for under $150.

gainsec Phish, Phishing Campaign, Red Team, Red Teaming, Social Engineering 1 Comment February 11, 2023

10 Minutes of Google dorking for Covid Documents

So stoked to reveal that my article submission was published in the latest Unredacted magazine publication! Ik they received hundreds of submissions so to be chosen is just awesome! Check it out on page 34 HERE END TRANSMISSION

gainsec Information Security January 3, 2023

CVE-2022-34108, CVE-2022-34109, CVE-2022-34110 DoS + Arbitrary file Download/Copy in MSI Feature Navigator

Denial Of Service and an Arbitrary file copy and download found in MSI's Feature Navigator demo software!

gainsec CVE August 26, 2022

CVE-2022-34615, CVE-2022-34621, CVE-2022-34623, CVE-2022-34624 – IDOR, User Enum and More (In Mealie)

Multiple new CVEs discovered and disclosed! IDOR, User Enum, invalid session termination and a weak password policy!

gainsec CVE, Information Security August 19, 2022

CVE-2022-37857, CVE-2022-37163, CVE-2022-37164 Hardcoded Credentials/Weak Password Policies

A location-sharing open source server and Android client was found to hardcode credentials and allow weak passwords by default (including blank passwords!).

gainsec Android Hacking, CVE, Hacking Android, Mobile Penetration Testing, Pentesting Android August 7, 2022 / August 26, 2022

CVE-2022-35142, CVE-2022-35143, CVE-2022-35144 – DoS, XSS and Weak Password Policy in Renato a Markdown powered knowledge base

Multiple new CVEs discovered and disclosed! XSS, DoS and a weak password policy!

gainsec CVE, Web Application Pen Testing August 4, 2022

CVE-2022-34613, CVE-2022-34618, CVE-2022-34619 – Multiple XSS (And more) in Mealie

Multiple new CVEs discovered and disclosed! XSS, file uploads and more!

gainsec CVE, Web Application Pen Testing August 2, 2022

CVE-2022-34625 – Server-Side Template Injection to Remote Code Execution (SSTI) to (RCE) in Mealie – A lesson in patience

A detailed walkthrough of CVE-2022-34625 aka a Server-Side Template Injection (SSTI) to Remote Code Execution (RCE)

gainsec CVE, Web Application Pen Testing August 2, 2022

CVE-2022-34009

Denial of Service discovered against Fossil SCM when running on Windows boxes.

gainsec CVE, Web Application Pen Testing July 27, 2022 / July 29, 2022
