My original plan for this post was to kick things off with a series on Windows Internals and Windows apps bug bounty hunting. And I promise future posts won’t be as “no actual exploit codes, just UI” as this one. However, security research happened. While analyzing a few applications, I came across an issue so weird and badly accepted that it deserved some attention. This was the case with the Zoho Assist unattended agent. What appears to be a standard remote support tool is, in fact, an implementation with an architectural flaw that fundamentally breaks the Windows security model. ...
Welcome to my blog :)
Welcome. This blog serves as a public notebook for my work in offensive security and vulnerability research. The goal here is not to write perfect guides. It is to document: Techniques I use or study Research that often turns into bug bounty reports Write-ups when possible And thoughts on offensive security in general This is a space for practical, hands-on security content. I hope you find it useful :)