SerHack - Developer and Security Engineer

Developer - Security engineer

[email protected]



Unpacking ASIC firmware: AntMiner Exploited


Analysis of AntMiner Z11 firmware which lead to discover and report some potential security flaws.


Shellbot-net controlled over IRC network

Analysis of a script written in Perl which has the scope of building a botnet. The unknown attackers could control the machines over an IRC channel hosted on their server. The article, also, marks the pros and cons of the method used.


MyMonero Phishing - Reversing the fake app

I was surfing on Reddit quietly in a sunny day. I was busy since I had to work for many projects including Mastering Monero. At one point, I notice a new user thread asking if there ever was a MyMonero app for Android.


Mastering Monero paperback has been released!

"Mastering Monero: The future of private transactions" is your guide through the world of Monero, a leading cryptocurrency with a focus on private and censorship-resistant transactions. This book contains everything you need to know to start using Monero in your business or day-to-day life, even if you've never understood or interacted with cryptocurrencies before.


Ultimate Member – User Profile & Membership Plugin STORED XSS


CVE-2018-17866 / Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin through 2.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field.


FontStruct - Break the Font InfraSTRUCTure


I discovered some critial security issues on the popular website


MEGA Chrome Extension Hacked - Detailed Timelapse

Security Trojan

On 4 September at 14:30 UTC, an unknown attacker managed to hack into MEGA's Google Chrome web store account and upload a malicious version 3.39.4 of an extension to the web store, according to a blog post published by the company.


Deobfuscating and Understanding a Trojan JScript

Jscript Trojan

Over 50% of cyber attacks are executed through malware, whose job is to find a flaw to inject other types of viruses including malware, adware and much more. Knowing the computer remotely, it can spy on the screen and even crypt the files: a wrong click and you lose anything.


Understanding Google Dorks and How Hackers Use Them

Search Engine Dorks

It is estimated that Google has downloaded more pages than any other search engine in the market. With over billions of pages and a relatively low execution time, the popular Californian search engine is able to satisfy all research, both for educational purposes and for purely curiosity purposes.