hackyboiz
@hackyboiz
Vulnerability Research Team Blog & Newsletter
[Research] Building an IP-to-Country Database Part 2 (With BGP) This is the second post in the series on building an IP-to-country database. Create your own IP information lookup service using publicly available BGP (Border Gateway Protocol) data! hackyboiz.github.io/2025/07/27/emp…
![hackyboiz's tweet image. [Research] Building an IP-to-Country Database Part 2 (With BGP)
This is the second post in the series on building an IP-to-country database.
Create your own IP information lookup service using publicly available BGP (Border Gateway Protocol) data!
hackyboiz.github.io/2025/07/27/emp…](https://pbs.twimg.com/media/Gw4RX9uacAEU_5j.jpg)
[1day1line] CVE-2025-1550: RCE Vulnerability in Keras Due to Insufficient Validation During Model Loading hackyboiz.github.io/2025/07/26/poo… Today’s One-Line Summary covers an RCE vulnerability found in the deep learning library Keras. Due to insufficient validation of the config file…
[HackingTweet🐥] 🕵️♀️“Wait... I got this from the official site??” Yep, even legit-looking downloads can be sneaky 😱 Let’s talk supply chain attacks — what they are and how to avoid ‘em. Catch all the deets in this week’s newsletter 👇 maily.so/hackyboiz/post… #CyberSecurity…
[Research] MCP (Model Context Protocol) Part 1 (en) Hello! Let's learn about MCP today. If you want to know about the hot MCP these days, check it out right now. 👇 hackyboiz.github.io/2025/07/24/rom…
[1day1line] CVE-2025-34508: Path Traversal in ZendTo hackyboiz.github.io/2025/07/23/cla… Today's vulnerability is the Path Traversal vulnerability (CVE-2025-34508) in ZendTo. This vulnerability arises due to insufficient validation of user input (chunkName, tmp_name) in the dropoff…
[Research] CVE-2025-32463 Into the 'sudo -R' hackyboiz.github.io/2025/07/21/poo… Hello, I'm poosic. This is my first research post! I've summarized the questions I had while analyzing the CVE-2025-32463: ‘sudo -R’ LPE vulnerability and my analysis of it! I hope it will be helpful for…
![hackyboiz's tweet image. [Research] CVE-2025-32463 Into the 'sudo -R'
hackyboiz.github.io/2025/07/21/poo…
Hello, I'm poosic. This is my first research post! I've summarized the questions I had while analyzing the CVE-2025-32463: ‘sudo -R’ LPE vulnerability and my analysis of it!
I hope it will be helpful for…](https://pbs.twimg.com/media/GwXMvYkW8AANm1n.jpg)
[1day1line] CVE-2025-25257: Pre-auth SQL Injection leading to RCE in Fortinet FortiWeb Fabric Connector. hackyboiz.github.io/2025/07/19/ban… Today’s 1day1line covers an unauthenticated SQL Injection in FortiWeb via Bearer token parsing, allowing file creation and potential command…
[HackingTweet🐥] 🪖 Victory in Cyber War Starts with Real-World Training Did you know nations engage in large-scale cyber war simulations? Locked Shields, led by NATO, is the world’s biggest real-time cyber defense exercise—bringing together over 4,000 experts from 41 countries.…
[Research] CVE-2025-24985: Windows Fast FAT Driver RCE Vulnerability hackyboiz.github.io/2025/07/17/ogu… The vulnerability was caused by the ability to control five variables within the VHD file that determine the number of clusters.
![hackyboiz's tweet image. [Research] CVE-2025-24985: Windows Fast FAT Driver RCE Vulnerability
hackyboiz.github.io/2025/07/17/ogu…
The vulnerability was caused by the ability to control five variables within the VHD file that determine the number of clusters.](https://pbs.twimg.com/media/GwC4HkLasAEh-9D.jpg)
We'll be publishing an analysis of the CVE-2025-24985 Windows Fast FAT Driver RCE Vulnerability that MS patched in March, along with a BSOD PoC tomorrow. youtube.com/watch?v=6ppD0o…
[1day1line] CVE-2025-32462: Elevation of Privilege via the host Option in sudo hackyboiz.github.io/2025/07/16/poo… Today’s 1day1line follows up on the previous chroot issue. It's another vulnerability in sudo, this time involving the host option. While no separate exploit is required, the…
[Research] From Paper to Code: Smart Contract [en] Hello! I just published a new research on Smart Contracts. Read how they work and dive into common vulnerabilities. hackyboiz.github.io/2025/07/13/bek…
[1day1line] CVE-2025-32463: Local Privilege Escalation via chroot in sudo hackyboiz.github.io/2025/07/12/poo… Today’s 1day1line covers a local privilege escalation (LPE) vulnerability caused by the use of chroot in sudo.
[HackingTweet🐥] Why Telegram Is No Longer Safe Last September, Telegram, which had previously been extremely uncooperative with law enforcement, started providing information about criminals. As a result, law enforcement agencies say it has become easier to track down…
[팀원 모집 기간 연장] 안녕하세요, Hackyboiz 입니다. 이번 신입 팀원 모집 기간을 내일(일요일) 23:59까지 연장합니다! 혹시 깜빡해서 지원을 못하셨거나 아직 망설이고 계시다면 지금 바로 지원해주세요😊 forms.gle/paauCL146fBfF6…
[Research] Firmware Emulation with FirmAE Part 2 hackyboiz.github.io/2025/07/10/new… Hello This is newp1ayer48! This covers the use of FirmAE, a tool that easily automates firmware emulation! In Part 2, we will cover the configuration and execution of FirmAE, as well as how to resolve IP…
[1day1line] CVE-2025-6019: LPE from allow_active to root in libblockdev via udisks hackyboiz.github.io/2025/07/09/rom… Today’s 1day1line covers a local privilege escalation (LPE) vulnerability discovered in the udisksd disk management daemon and its backend library libblockdev on Linux…
[Hackyboiz 팀원 모집 Q&A] 안녕하세요, Hackuboiz 팀입니다! 저희 이번 신입 팀원 모집 마감일이 이제 3일밖에 남지 않았는데요, 모집 시작한 이후 많은 분들께서 다양한 질문들을 해주셨습니다 📷 오프라인이나 온라인으로 답변을 드렸습니다만 다른 분들에게도 도움될 정보라 공유드립니다. 1. CTF…