Security Research & Blog

Alexander Constantinou

Penetration tester with 9+ years in offensive security. CVE analysis, Hack The Box writeups, and red team research.

Recent Posts

CVE analysis, Hack The Box writeups, and security research.

CVE-2026-56112: ManageEngine ServiceDesk Plus XXE to SSRF and RCE

Unauthenticated XXE reads DB config → admin creds → Freemarker SSTI in report module → OS commands as SYSTEM. Two bugs, one pre-auth RCE chain.

Read more
CVE-2026-55601: Ivanti Connect Secure Pre-Auth Heap Overflow RCE

Oversized TLS SNI extension overflows a 512-byte heap buffer → corrupts adjacent chunk header → function pointer overwrite → root. CVSS 9.8, zero-day exploitation by state actor.

Read more
HTB: Redshift — Redis CONFIG SET Webshell to Root

Unauthenticated Redis → CONFIG SET dir to web root → PHP webshell as www-data → backup .env leaks SSH creds → world-writable sudo script → root.

Read more
CVE-2026-54089: Progress WhatsUp Gold NmAPI Unauthenticated SQLi to RCE

Legacy /NmAPI/ endpoint missing auth → raw reportId in SQL query → xp_cmdshell via sysadmin service account → NT AUTHORITY\SYSTEM. CVSS 9.8.

Read more
CVE-2026-53018: Citrix NetScaler NITRO Debug Handler Auth Bypass + Pre-Auth RCE

Debug handler in nsmgmtd checks for X-Citrix-Debug header → bypasses all auth → full NITRO REST API access → root RCE.

Read more
HTB: Blackout — Windows Hard

Leaked LDAP credentials → password spray → WinRM foothold → ESC8 (AD CS HTTP enrollment) → PetitPotam + ntlmrelayx → PKINIT → DCSync.

Read more

Get In Touch

Questions, opportunities, or just want to talk security.