Skip to content
View Rat5ak's full-sized avatar
🏠
Working from home
🏠
Working from home
14 followers · 12 following

Achievements

Achievement: StarstruckAchievement: QuickdrawAchievement: Pull Sharkx2

Achievements

Achievement: StarstruckAchievement: QuickdrawAchievement: Pull Sharkx2

Highlights

  • Pro

Block or report Rat5ak

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Pinned Loading

  1. CORUNA_IOS-MACOS_FULL_DUMP CORUNA_IOS-MACOS_FULL_DUMP Public

    Recovered samples, extracted Wasm/binaries, decoded payloads & analysis scripts from the Coruna iOS/macOS exploit kit (b27.icu). 28 JS modules, 6 Wasm, 13 ARM64 binaries.

    53 16

  2. CORUNA_TECHNICAL_ANALYSIS CORUNA_TECHNICAL_ANALYSIS Public

    A Complete Technical Teardown of a State-Grade iOS/macOS Watering-Hole Exploit Chain

    54 9

  3. CVE-2026-31413-BPF-Container-Escape CVE-2026-31413-BPF-Container-Escape Public

    CVE-2026-31413: BPF verifier soundness bug - container escape

    C 1 1

  4. CVE-2026-3805-curl-SMB-UAF CVE-2026-3805-curl-SMB-UAF Public

    CVE-2026-3805: Use-After-Free in curl SMB connection reuse - heap info disclosure

    Shell 1

  5. Vercel-AI-SDK-SSRF-validateDownloadUrl-DNS-Bypass Vercel-AI-SDK-SSRF-validateDownloadUrl-DNS-Bypass Public

    Full-Read SSRF in Vercel AI SDK. validateDownloadUrl() only checks hostname strings, never resolves DNS. Any domain pointing to a private IP bypasses the check. downloadBlob() returns complete resp…

    JavaScript

  6. CVE-2025-55182-React2Shell-RCE-POC CVE-2025-55182-React2Shell-RCE-POC Public

    This repository documents research into deserialization behavior within Next.js React Server Components (RSC) using the Flight protocol. It focuses on how malformed multipart bodies combined with S…

    Python 3 1