Alexander Constantinou
Penetration tester with 9+ years in offensive security. CVE analysis, Hack The Box writeups, and red team research.
// Latest
Recent Posts
CVE analysis, Hack The Box writeups, and security research.
Unauthenticated XXE reads DB config → admin creds → Freemarker SSTI in report module → OS commands as SYSTEM. Two bugs, one pre-auth RCE chain.
Read moreOversized TLS SNI extension overflows a 512-byte heap buffer → corrupts adjacent chunk header → function pointer overwrite → root. CVSS 9.8, zero-day exploitation by state actor.
Read moreUnauthenticated Redis → CONFIG SET dir to web root → PHP webshell as www-data → backup .env leaks SSH creds → world-writable sudo script → root.
Read moreLegacy /NmAPI/ endpoint missing auth → raw reportId in SQL query → xp_cmdshell via sysadmin service account → NT AUTHORITY\SYSTEM. CVSS 9.8.
Read moreDebug handler in nsmgmtd checks for X-Citrix-Debug header → bypasses all auth → full NITRO REST API access → root RCE.
Read moreLeaked LDAP credentials → password spray → WinRM foothold → ESC8 (AD CS HTTP enrollment) → PetitPotam + ntlmrelayx → PKINIT → DCSync.
Read more// Contact
Get In Touch
Questions, opportunities, or just want to talk security.