Chux – Medium

Chux

Injected #3: Lethal SSRF — Advanced Exploitation Series

Server-Side Request Forgery (SSRF) is rarely sexy on its own — it’s “just” a server fetching a URL. But when that fetch can reach internal…

Nov 8

Injected #3: Lethal SSRF — Advanced Exploitation Series

Nov 8

Injected #2: Lessons from Hacking a Financial Company

Last week we heard about a massive breach of RedHat, leading provider of enterprise open source solutions which provides many IT and…

Oct 24

Injected #2: Lessons from Hacking a Financial Company

Oct 24

Injected #1: From API Bugs To File Impersonation Attack

Hi hackers!

Oct 16

Injected #1: From API Bugs To File Impersonation Attack

Oct 16

Hunting For Vulnerable SSRF Mitigations

During my daily work, I love from time to time make a side quest to search for vulnerabilities in different software, especially open…

Oct 7

Hunting For Vulnerable SSRF Mitigations

Oct 7

Do It Yourself — One Weekend, 2 CVEs

I created a YouTube video to share some of my methodology for security research. This approach has consistently helped me discover…

Aug 31

Do It Yourself — One Weekend, 2 CVEs

Aug 31

Published in

Inside the Enemy Lines: How a Simple IDOR Unmasked a Major Malware Campaign

There are many different cybercrime services that are available for anyone who want to use them for malicious purposes. One of those…

May 10

Inside the Enemy Lines: How a Simple IDOR Unmasked a Major Malware Campaign

May 10

Published in

What We Learned From Salt Typhoon Telecom’s Operation

Recently CrownStrike released a report about a big operation of the Chinese threat actor on telecom companies. But this operation wasn’t…

Dec 13, 2024

What We Learned From Salt Typhoon Telecom’s Operation

Dec 13, 2024

Published in

5 Ways I Got RCE’s In the Wild

For offensive security professionals, finding RCE vulnerabilities is usually a crown jewel for many black-box and white-box projects. These…

Dec 7, 2024

5 Ways I Got RCE’s In the Wild

Dec 7, 2024

Published in

From File Upload To LFI: A Journey To Exploitation

Recently I had a client that asked for a black-box pentest for a new web app that the company was about to release. The objective of this…

Dec 2, 2024

From File Upload To LFI: A Journey To Exploitation

Dec 2, 2024

5 Side Hustles For Ethical Hackers

As the offensive cyber roles (pentesters, red teamers, security researchers and more) are considered to be well paid jobs, ethical hackers…

Nov 30, 2024

5 Side Hustles For Ethical Hackers

Nov 30, 2024

Chux

Chux

Red Teamer and Security Researcher | CVE-2024-46990 | CVE-2024-54128 | CVE-2025-29930 | https://x.com/chux13786509 | https://www.youtube.com/@chuxploit

Following

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech