Aditya

@adityatelange

A Python script that patches libflutter.so to disable Flutter's TLS verification.

🔗 https://github.com/adityatelange/patch-libflutter-tls

The script is based on the work of Jeroen Beckers @TheDauntless at https://github.com/NVISOsecurity/disable-flutter-tls-verification. The list of offsets is present here. Thanks to Jeroen and NVISO for their work on this topic.

#flutter #android #appsec #infosec #pentesting

One Year with evil-winrm-py - A Retrospective

A retrospective on the development and impact of evil-winrm-py, a Python implementation of the popular evil-winrm tool for Windows Remote Management.

Aditya Telange

The best #android security inspection tool - duck detector is open sourced.

https://github.com/eltavine/Duck-Detector-Refactoring

#foss #android #security


NearbyShare/QuickShare for Linux and MacOS

Really nice tool for Quick Share from #linux to #android devices and vice versa.

https://github.com/Martichou/rquickshare

#filetransfer #quickshare #foss

axios Compromised on npm - Malicious Versions Drop Remote Access Trojan - StepSecurity

Hijacked maintainer account used to publish poisoned axios releases including 1.14.1 and 0.30.4. The attacker injected a hidden dependency that drops a cross platform RAT. We are actively investigating and will update this post with a full technical analysis.

Kali Linux 2026.1 Release (2026 Theme & BackTrack Mode)

https://www.kali.org/blog/kali-linux-2026-1-release/

OAuth account takeover doesn't need leaked tokens. No state param = CSRF to forced account linking. Loose redirect_uri matching = code theft via open redirect chains. Implicit flow puts tokens in browser history and Referer headers. PKCE bypass when not enforced server-side. SSRF via OpenID dynamic client registration. Six patterns, all with labs. https://www.kayssel.com/newsletter/issue-43/ #OAuth #BugBounty #Pentesting #websecurity #Offsec #InfoSec
OAuth 2.0: Six Ways the Authorization Flow Breaks

Missing state CSRF, redirect_uri hijacking, open redirect code theft, implicit flow token leakage, PKCE bypass, and SSRF via OpenID dynamic client registration

Kayssel