Elusive Thoughts

Web Application Security, AI Hacking, LLM Hacking,Windows Security, Cross Site Scripting, SQL Injection XXE

No posts. Show all posts

No posts. Show all posts

Subscribe to: Posts (Atom)

GitHub Actions as an Attacker's Playground

GitHub Actions as an Attacker's Playground — 2026 Edition CI/CD security • Supply chain • April 2026 ci-cd github-actions supply-c...

PHP Source Code Chunks of Insanity (Delete Post Pages) Part 4

Intro This post is going to talk about source code reviewing PHP and demonstrate how a relatively small chunk of code can cause you lots ...
The Hackers Guide To Dismantling IPhone (Part 3)

Introduction On May 7, 2013, as a German court ruled that the iPhone maker must alter its company policies for handling customer data, sin...
MSSQL Injection OPENROWSET Side Channel

MSSQL Exploitation: OPENROWSET, xp_cmdshell, and Database Attack Primitives — 2026 Edition 2026 Edition MSSQL Exploitation...

Linkedin

Hacker’s Elusive Thoughts

Hacker’s Elusive Thoughts The Book

Older Posts

▼ 2026 (25)
- ▼ 19 Apr (3)
- ► 12 Apr (4)
- ► 5 Apr (7)
- ► 29 Mar (4)
- ► 22 Mar (4)
- ► 15 Mar (1)
- ► 8 Mar (2)

► 2025 (1)
- ► 13 Apr (1)

► 2021 (5)
- ► 2 May (1)
- ► 14 Mar (2)
- ► 14 Feb (1)
- ► 31 Jan (1)

► 2020 (1)
- ► 16 Feb (1)

► 2019 (2)
- ► 21 Jul (1)
- ► 14 Apr (1)

► 2016 (1)
- ► 22 May (1)

► 2015 (2)
- ► 1 Mar (1)
- ► 15 Feb (1)

► 2014 (5)
- ► 13 Apr (4)
- ► 6 Apr (1)

► 2013 (3)
- ► 15 Sept (2)
- ► 3 Mar (1)

► 2012 (37)
- ► 23 Dec (1)
- ► 4 Nov (1)
- ► 28 Oct (1)
- ► 21 Oct (1)
- ► 2 Sept (1)
- ► 26 Aug (1)
- ► 19 Aug (1)
- ► 29 Jul (1)
- ► 1 Jul (1)
- ► 24 Jun (2)
- ► 27 May (1)
- ► 20 May (1)
- ► 13 May (1)
- ► 22 Apr (3)
- ► 15 Apr (2)
- ► 8 Apr (3)
- ► 1 Apr (2)
- ► 25 Mar (1)
- ► 18 Mar (2)
- ► 11 Mar (3)
- ► 4 Mar (2)
- ► 26 Feb (1)
- ► 19 Feb (2)
- ► 12 Feb (1)
- ► 8 Jan (1)

Labels

Defensive Security (18) Back Door (17) OWASP Top 10 (12) Windows Hacking (12) Buffer Overflow (11) Burp Suite (11) Security Code Review (10) Hacking (9) SQL Injection (9) Web Application Security (9) Web Back Door (9) appsec (9) AI (8) XSS Injection (8) AI security (7) LLM (7) Mal-ware Analysis (7) Source (7) LLM security (6) Shell code Injection (6) agentic AI (6) DDoS (5) Http Header Injection (5) Reverse Engineering (5) Threat Modeling (5) XML Injection (5) Automation (4) DoS (4) Session Management (4) ai-security (4) AI Security (3) Blockchain (3) CSRF (3) Ethereum (3) IPhone Hacking (3) Smart Contracts (3) Threats (3) llm-security (3) AppSec (2) Bitcoin (2) IS (2) Information Security (2) LLM Security (2) Port scanning (2) Solidity (2) crypto (2) offensive security (2) prompt injection (2) xss (2) Agentic AI (1) Browser Security (1) CLI Security (1) Claude (1) Mal-ware AI AI Hacking Analysis (1) Mobile Data Stealing (1) OWASP (1) SSRF (1) Supply Chain (1) Vulnerability Research (1) WAF (1) Web Security (1) agents (1) browsergate (1) cache (1) cache deception (1) cache poisoning (1) cli (1) clickjacking (1) linkedin (1) privacy (1) security (1) surveillance (1)

Search This Blog

Pages

Home
Mini Penetration Testing Framework
Mini Web Penetration Testing Framework
Fixed Exploits
Windows Hackers Command Reference
Linux Hackers Command Reference
Windows Auditing
Teenage Mutant Ninja Turtles project
Pentesting Laws In UK
UNIX User Enumeration
DNS Record Querying For Pentesting
Applied Cryptography For Pentesting
SMB & AD For Pentesting
IPV4, IPV6, TCP, UDP ICMP For Pentesting
Android Pentest Guide
Security & Protocols
Patch Management For Pentesting
UNIX and Windows File System Permissions
Hacking UNIX R-Services
UNIX MISCONFIGURATION ISSUES

Trinity Project

Web Scraper (URL collector)

Teenage Mutant Ninja Turtles

Tool: Simply a payload mutator..

CapeCake

Python Web Scanner

Pentestmag publishes Elusive Thoughts

Article: Infiltrating corporate networks using XXE injection

Hack9 publishes Elusive Thoughts

Article: Trojan-izing USB Sticks

Hack9 publishes Elusive Thoughts again

Article: SQL fuzzing for fun and profit

Labels

Defensive Security (18) Back Door (17) OWASP Top 10 (12) Windows Hacking (12) Buffer Overflow (11) Burp Suite (11) Security Code Review (10) Hacking (9) SQL Injection (9) Web Application Security (9) Web Back Door (9) appsec (9) AI (8) XSS Injection (8) AI security (7) LLM (7) Mal-ware Analysis (7) Source (7) LLM security (6) Shell code Injection (6) agentic AI (6) DDoS (5) Http Header Injection (5) Reverse Engineering (5) Threat Modeling (5) XML Injection (5) Automation (4) DoS (4) Session Management (4) ai-security (4) AI Security (3) Blockchain (3) CSRF (3) Ethereum (3) IPhone Hacking (3) Smart Contracts (3) Threats (3) llm-security (3) AppSec (2) Bitcoin (2) IS (2) Information Security (2) LLM Security (2) Port scanning (2) Solidity (2) crypto (2) offensive security (2) prompt injection (2) xss (2) Agentic AI (1) Browser Security (1) CLI Security (1) Claude (1) Mal-ware AI AI Hacking Analysis (1) Mobile Data Stealing (1) OWASP (1) SSRF (1) Supply Chain (1) Vulnerability Research (1) WAF (1) Web Security (1) agents (1) browsergate (1) cache (1) cache deception (1) cache poisoning (1) cli (1) clickjacking (1) linkedin (1) privacy (1) security (1) surveillance (1)

Report Abuse

New tool repo

New tool repo

New Tools

My Other Blogs

fluffyblockchain

Market outlook 04-11-2021 - Bitcoin Status The Bitcoin volume is not here yet, it seems that the retails is not "lured" yet in to the planned big "pump and dump". Bitcoin Mempool vol...
4 years ago
The Simple Security

sonijohn.sh - #!/usr/bin/env bash # Sonicwall config decoder and password extractor for John the Ripper # Daniel Compton # www.commonexploits.com # contact@commexploits.co...
10 years ago
The Bounty Hunter

Crowdsourcing Hacking... - *Introduction* Nowadays because of the recession things such as drug trafficking and prostitution don't pay as much as it used to. Don't believe me? In 20...
13 years ago

Gerasimos Kassaras. Simple theme. Powered by Blogger.