Title: hack.do
Open Graph Title: hack.do
X Title: hack.do
Description:
Opengraph URL: https://hack.do/
Generator: Hugo 0.148.2
Domain: hack.do
{"@context":"https://schema.org","@type":"WebSite","@id":"https:\/\/hack.do\/","name":"hack.do","inLanguage":"en","url":"https:\/\/hack.do\/","publisher":{"@type":"Person","name":"Matt Austin"}}| theme-color | #FFFFFF |
| title | hack.do |
| og:site_name | hack.do |
| og:locale | en |
| og:type | website |
| twitter:card | summary |
| author | Matt Austin |
Links:
| ↓Skip to main content | https://hack.do#main-content |
| https://hack.do/ | |
| hack.do | https://hack.do/ |
| Blog | https://hack.do/posts/ |
| About | https://hack.do/about/ |
| WinBoat: Drive by Client RCE + Sandbox escape. | https://hack.do/posts/winboat-guest-service-host-rce/ |
| RCE in buf CLI (from http://buf.build) | https://hack.do/posts/buf-cli-registry-login-rce/ |
| CVE-2025-48938 - GitHub CLI RCE | https://hack.do/posts/cve-2025-48938/ |
| CVE-2021-30618 - Chrome Headless Remote Debugging RCE via XSS | https://hack.do/posts/cve-2021-30618/ |
| Thinking Outside the Sandbox: Decoding and Defeating Node.js Permissions | https://hack.do/posts/thinking-outside-the-sandbox/ |
| Burp Suite RCE via Chrome Remote Debugging | https://hack.do/posts/burp-suite-rce/ |
| CVE-2023-30587 - Node.js Permission Bypass via Inspector Module | https://hack.do/posts/cve-2023-30587/ |
| jsonwebtoken: String Payload Parsing Inconsistency Leads to Auth Bypass | https://hack.do/posts/node-jsonwebtoken-string-payload-auth-bypass/ |
| Node.js Permission Bypass via WASI Module | https://hack.do/posts/nodejs-wasi-permission-bypass/ |
| CVE-2020-17091 - Microsoft Teams Desktop RCE via Missing Context Isolation | https://hack.do/posts/cve-2020-17091/ |
| Docker Desktop (formaly Kitematic) Container Escape and RCE via “Web Preview” | https://hack.do/posts/docker-kitematic-rce/ |
| Ghost CMS: Privilege Escalation via Post Preview | https://hack.do/posts/ghost-code-injection-privilege-escalation/ |
| CVE-2018-15685 - Electron WebPreferences Remote Code Execution | https://hack.do/posts/cve-2018-15685/ |
| XSS in Outlook Adaptive Cards via Action.OpenUrl | https://hack.do/posts/outlook-adaptive-cards-xss/ |
| Elmowned - Hacking Elmo | https://hack.do/posts/elmowned/ |
| Unsafe Code Execution in static-eval | https://hack.do/posts/static-eval/ |
| Visual Studio Code 1.9.1: Arbitrary Code Execution via Markdown Preview | https://hack.do/posts/vscode-markdown-preview-rce/ |
| ↑ | https://hack.do#the-top |
| Hugo | https://gohugo.io/ |
| Congo | https://github.com/jpanther/congo |
Viewport: width=device-width,initial-scale=1