Dock12 - Sorint.Lab

Dock12 - Sorint.Lab https://dock12.sorint.com/ Recent content on Dock12 - Sorint.Lab Hugo -- gohugo.io en-us Tue, 08 Apr 2025 08:14:54 +0000 3 Ways In: Exploiting WordPress Plugins via File Upload and Deserialization https://dock12.sorint.com/post/report/ Tue, 08 Apr 2025 08:14:54 +0000 https://dock12.sorint.com/post/report/ In this post, I break down three real-world vulnerabilities found in WordPress plugins — from unsafe deserialization to arbitrary file upload — and show how they can lead to full compromise.Includes analysis, PoCs, and exploitation details. Exploring UTF-16 and its oddities in JavaScript https://dock12.sorint.com/post/javascript-utf16/ Wed, 20 Nov 2024 15:35:32 +0100 https://dock12.sorint.com/post/javascript-utf16/ Uncovering the unexpected behaviors of JavaScript strings and the challenges posed by UTF-16 encoding Why Cross-Site Request Forgery is not dead https://dock12.sorint.com/post/cspt-csrf/ Mon, 29 Jul 2024 12:49:54 +0100 https://dock12.sorint.com/post/cspt-csrf/ While modern defenses have made CSRF vulnerabilities more challenging to exploit, emerging techniques still pose significant threats Common OAuth2 misconfigurations and vulnerabilities https://dock12.sorint.com/post/oauth2-vulnerabilities/ Mon, 27 May 2024 15:10:23 +0100 https://dock12.sorint.com/post/oauth2-vulnerabilities/ Let’s take a look at the most common OAuth2 misconfigurations that can lead to vulnerabilities Protocol impersonation attacks with QUIC https://dock12.sorint.com/post/quic-csrf/ Fri, 15 Mar 2024 11:23:21 +0100 https://dock12.sorint.com/post/quic-csrf/ Exploring security risks in a ‘Secure by Design’ and modern transport protocol Approaching R2R from an RE point of view https://dock12.sorint.com/post/ready-to-run/ Mon, 29 Jan 2024 17:20:37 +0100 https://dock12.sorint.com/post/ready-to-run/ Legit features often turn into something unexpected: an Insomni’hack Teaser 2024 challenge writeup Is it possible to break RSA? (Part 1) https://dock12.sorint.com/post/breaking-rsa/ Wed, 20 Dec 2023 11:13:37 +0100 https://dock12.sorint.com/post/breaking-rsa/ RSA is an old but still secure public-key cryptosystem. However we need to know how it works to avoid mistakes that could introduce vulnerabilities.. Madame De Maintenon’s Cryptographic Pursuit – Unmasking the Traitors https://dock12.sorint.com/post/unmasking-the-traitors/ Wed, 20 Dec 2023 10:13:37 +0100 https://dock12.sorint.com/post/unmasking-the-traitors/ Inside the Hex-Rays CTF Challenge and the “mysteries” of RSA A closer look to Single-Packet attack https://dock12.sorint.com/post/a-closer-look-to-single-packet-attack/ Mon, 23 Oct 2023 16:14:32 +0200 https://dock12.sorint.com/post/a-closer-look-to-single-packet-attack/ How HTTP/2 capabilities can be used to uncover Web race conditions Writing your first custom Semgrep rule https://dock12.sorint.com/post/writing-your-first-custom-semgrep-rule/ Thu, 27 Jul 2023 14:47:23 +0200 https://dock12.sorint.com/post/writing-your-first-custom-semgrep-rule/ Using semgrep to write custom SAST rules and prevent vulnerabilities in your code How I met JavaScript Reflect (thanks to playing CTF) https://dock12.sorint.com/post/javascript-reflection/ Tue, 30 May 2023 10:09:10 +0200 https://dock12.sorint.com/post/javascript-reflection/ Playing CTF competitions to learn new stuff and discover hidden and powerful features An unpredictable XSS story https://dock12.sorint.com/post/an-unpredictable-xss-story/ Mon, 08 May 2023 17:08:51 +0200 https://dock12.sorint.com/post/an-unpredictable-xss-story/ How an image compression feature can lead to XSS Writeup: Speed-Rev Bots (HackPack CTF 2023) https://dock12.sorint.com/post/speed-rev-bots/ Wed, 26 Apr 2023 09:44:47 +0100 https://dock12.sorint.com/post/speed-rev-bots/ A CTF writeup about solving 6 challenges in 5 minutes Java insecure deserialization 101 https://dock12.sorint.com/post/java-insecure-deserialization-101/ Wed, 19 Apr 2023 12:49:53 +0200 https://dock12.sorint.com/post/java-insecure-deserialization-101/ A basic introduction to Java insecure deserialization and and how attackers can exploit this vulnerability to get RCE Java Native Interface and its hidden threats https://dock12.sorint.com/post/jni-security-risks/ Mon, 13 Mar 2023 10:53:00 +0100 https://dock12.sorint.com/post/jni-security-risks/ How interoperation between the JVM and native code can create security issues Thoughts about Yara rules https://dock12.sorint.com/post/yara-rule-thoughts/ Mon, 06 Feb 2023 13:35:47 +0100 https://dock12.sorint.com/post/yara-rule-thoughts/ I decided to create a Yara rule to detect a malware: some things you may find useful about the process JavaScript prototype chain and security risks https://dock12.sorint.com/post/js-prototype-pollution/ Fri, 03 Feb 2023 15:53:19 +0100 https://dock12.sorint.com/post/js-prototype-pollution/ What is a prototype in JavaScript and how this useful feature can lead to security risks