Home Original page

nth347 - Overview

Skip to content

Navigation Menu

Sign in

Appearance settings

View nth347's full-sized avatar

Block or report nth347

👋 Hi there, I'm Hưng (nth347)

💻 Offensive Security | Application Security | Security Research

💣 Offensive Security

  • Offensive Security Program Development
  • Red Team Operations & Adversary Simulation
  • Custom Malware & Offensive Tooling Development
  • AV/EDR Evasions, In-Memory Execution
  • Hybrid AD/Azure Compromise
  • Executive Reporting & Stakeholder Briefing

🛡️ Application Security

  • Application Security Engineering
  • Review/Pentest Web, API & Mobile
  • Security Threat Modeling
  • DevSecOps Design
  • Security Control Engineering
  • Secure Coding Standards & Developer Training Program

🔬 Security Research

  • Java-specific Vulnerabilities
  • 1-day Analysis

💻 Technologies

  • Programming Languages: C/C++, C#/.NET, Java, PHP, Python, Rust, Golang, Lua
  • Scripting Languages: Bash, PowerShell

🐞 CVEs

🧩 Contributions

🏆 Certifications

Popular repositories Loading

  1. Exploit for CVE-2021-3129

    Python 68 26

  2. RCE exploit for attack chain in "A Saga of Code Executions on Zimbra" post

    Python 36 5

  3. Java SSTI vulnerability demos based on Spring Boot and various template engines (Thymeleaf, FreeMarker, Velocity)

    Java 5

  4. Exploit for CVE-2018-20148 - WordPress PHAR deserialization via XMLRPC

    Python 4 2

  5. PoC for CVE-2020-28032 (It's just a POP chain in WordPress < 5.5.2 for exploiting PHP Object Injection)

    PHP 4 2

  6. PoC for CVE-2019-9081

    PHP 1 2