Hi, I'm Duarte

This is where I share cool stuff that I stumble upon on my ethical hacking journey

  • Using built-in objects to bypass a sandboxed environment

    Posted on July 6, 2024

    A little while ago I gave a talk at RootedCon about how we could use dunder methods in Python to bypass a sandboxed environment and thus achieve code execution. Basically, this talk followed closely what I wrote in my first blogpost, but it also included a brief reference to an... [Read More]

  • Cross-Site Scripting (XSS) in Go

    Guessing unknown MIME types

    Posted on March 31, 2024

    The other day I was investigating the findings of a certain SAST scanner for a Go project. In particular, I was analyzing the Reflected Cross-Site Scripting (XSS) results. At first glance, one of these results looked like a True Positive (TP) — it was writing a partially user-controllable value directly... [Read More]

  • Arbitrary Code Execution in Pillow

    CVE-2023-50447

    Posted on January 2, 2024

    During Checkmarx’s Research Group routine activities, we often conduct security assessments on open-source technologies to refine both our tools and our skillset. During one of these activities, I identified a Critical vulnerability in Pillow. It is present in the PIL.ImageMath.eval function, in versions up to and including 10.1.0. This vulnerability... [Read More]
    Tags: