https://iamleandrooooo.github.io/ Recent content on Leandro's Code Cave Hugo en-us Fri, 03 Oct 2025 00:00:00 +0000 https://iamleandrooooo.github.io/posts/sandy/ Fri, 03 Oct 2025 00:00:00 +0000 https://iamleandrooooo.github.io/posts/sandy/ Challenge Description Author: John Hammond My friend Sandy is really into cryptocurrencies! She’s been trying to get me into it too, so she showed me a lot of Chrome extensions I could add to manage my wallets. Once I got everything sent up, she gave me this cool program! She says it adds better protection so my wallets can’t get messed with by hackers. Sandy wouldn’t lie to me, would she…? https://iamleandrooooo.github.io/about/ Sat, 13 Sep 2025 00:00:00 +0000 https://iamleandrooooo.github.io/about/ Hey, I’m Leandro! I am an Offensive Security Specialist, and spend my days hunting down security flaws, tinkering with code, and figuring out how systems can break (so we can fix them before anyone else does). I’ve collected a few certifications along the way (OSCE3, OSWE, OSED, OSEP, OSCP, OSWP, CRTP, GCIH, etc.), and a CVE(CVE-2025-28168). I actually started in software engineering, so I know my way around development, and architecture before diving headfirst into security. https://iamleandrooooo.github.io/posts/rc4_reverse/ Sat, 13 Sep 2025 00:00:00 +0000 https://iamleandrooooo.github.io/posts/rc4_reverse/ RC4 Reverse Engineering RC4 Overview RC4 is a lightweight stream cipher commonly used in malware for string decryption, binary unpacking, and encrypting network traffic. When analyzing a binary that uses RC4, there are a few key indicators and areas worth examining. No matter how much obfuscation is applied, typically if you find two loops responsible for initializing and scrambling a substitution box, it’s a strong sign that RC4 is being used. https://iamleandrooooo.github.io/posts/verificationclarification/ Sat, 13 Sep 2025 00:00:00 +0000 https://iamleandrooooo.github.io/posts/verificationclarification/ Challenge Description Author: @resume Difficulty: 🟡 Medium One of our users received an unexpected email asking them to complete extra verification in order to download a zip file, but they weren’t expecting to receive any files. Your task is to investigate the verification link provided in the email and determine if it’s suspicious or potentially malicious (“phishy”). Note: If the verification link doesn’t respond when you visit it directly, try accessing it using a different method or tool. https://iamleandrooooo.github.io/posts/sqlserverlinkedserverspasswords/ Fri, 12 Sep 2025 00:00:00 +0000 https://iamleandrooooo.github.io/posts/sqlserverlinkedserverspasswords/ SQL Server Linked Server Passwords ⚠️ Disclaimer: Legal Use Only This script is provided solely for legal purposes. Any use of this script for illegal activities or in violation of applicable laws is strictly prohibited. I take no responsibility if: You use this script for unlawful purposes. You encounter any legal consequences as a result of using this script inappropriately. This whole script can be broken down into 4 steps. The first step is enabling TCP/IP connections on all SQL Server Instances.