All articles

Started to being written in 2017, SerHack Blog represents a solid but unique point of view in Computer Science field. From cryptocurrencies to information security, from reverse engineering to phishing: many topics are depicted using layman terms. What are you waiting for? Read one of any articles.
Note that part of articles are in Italian since it's my first language. Italian culture and classicism gave me an inspiration for this blog.

Olivetti 0.88.1 for SerHack

Ultimate Member – User Profile & Membership Plugin STORED XSS

– Product: Ultimate Member – User Profile & Membership Plugin Version: 2.0.27 or earlier URL: https://wordpress.org/plugins/ultimate-member/ Potential users affected: 100.000+ CVE : CVE-2018-17866 Ultimate member Ultimate Member is one of the many user profile & membership plugins … Read Full Article

Ultimate Member – User Profile & Membership Plugin STORED XSS illustration

FontStruct - Break the Font InfraSTRUCTure!

– The website FontStruct allows even novice users to create their own personal font from scratch. A very simplified procedure: you sign up and you are ready to compose your font. Everything is offered through a simple interface as a free service. Not bad for a free service! Unfortunately, the … Read Full Article

FontStruct - Break the Font InfraSTRUCTure! illustration

🇮🇹 FontStruct - Rompi l'InfraSTRUCTure!

– Cross-Site Scripting, API non protette e molto altro Il famoso sito FontStruct permette, anche agli utenti meno esperti, di creare da zero il proprio font personale. Una procedura molto semplificata: ti registri e sei già pronto per disegnare. Il tutto viene offerto, tramite una semplice interfaccia … Read Full Article

FontStruct - Rompi l'InfraSTRUCTure! illustration

MEGA Chrome Extension Hacked - Detailed Timeline of Events

– TLDR; On 4 September at 14:30 UTC, an unknown attacker managed to hack into MEGA’s Google Chrome web store account and upload a malicious version 3.39.4 of an extension to the web store, according to a blog post published by the company. Upon installation or auto-update, the malicious … Read Full Article

MEGA Chrome Extension Hacked - Detailed Timeline of Events illustration

Deobfuscation and Understanding a Trojan Jscript

– Over 50% of cyber attacks are executed through malware, whose job is to find a flaw to inject other types of viruses including malware, adware and much more. Knowing the computer remotely, it can spy on the screen and even crypt the files: a wrong click and you lose anything. It is estimated that … Read Full Article

Deobfuscation and Understanding a Trojan Jscript illustration