██████╗  ██████╗  ██████╗ ████████╗███████╗██╗  ██╗███████╗██╗     ██╗     
██╔══██╗██╔═══██╗██╔═══██╗╚══██╔══╝██╔════╝██║  ██║██╔════╝██║     ██║     
██████╔╝██║   ██║██║   ██║   ██║   ███████╗███████║█████╗  ██║     ██║     
██╔══██╗██║   ██║██║   ██║   ██║   ╚════██║██╔══██║██╔══╝  ██║     ██║     
██║  ██║╚██████╔╝╚██████╔╝   ██║   ███████║██║  ██║███████╗███████╗███████╗
╚═╝  ╚═╝ ╚═════╝  ╚═════╝    ╚═╝   ╚══════╝╚═╝  ╚═╝╚══════╝╚══════╝╚══════╝

Welcome to RootShell

Hardcore cybersecurity deep dives & breaking security news

234 Posts | 121 Studies | 113 News

📚 ~/study - Cyber Deep Dives

121 posts

HTTP/2 Protocol Overview & Frame Structure - Introductory Guide

Learn the fundamentals of HTTP/2, its connection preface, frame types, multiplexing, flow control, HPACK compression and how it differs from HTTP/1.1 - especially for request smuggling scenarios.
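As an added illustration of the framing this guide covers (example code written for this listing, not taken from the post): it builds an HTTP/2 request from the connection preface plus HEADERS and DATA frames, parses the 9-byte frame header back out, and applies the RFC 9113 rule that a content-length header must equal the DATA payload total, which is the check a front end has to enforce before it downgrades a request to HTTP/1.1. The HPACK encoder and decoder are a deliberately minimal subset (literal fields without indexing, no Huffman coding, no dynamic table); the hostnames and the smuggled payload are constructed sample data.

```python
"""Added example: HTTP/2 framing round-trip plus the content-length consistency check."""

CONNECTION_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"  # every client connection opens with this (RFC 9113 s3.4)

FRAME_TYPES = {0x0: "DATA", 0x1: "HEADERS", 0x2: "PRIORITY", 0x3: "RST_STREAM",
               0x4: "SETTINGS", 0x5: "PUSH_PROMISE", 0x6: "PING", 0x7: "GOAWAY",
               0x8: "WINDOW_UPDATE", 0x9: "CONTINUATION"}
END_STREAM, END_HEADERS, PADDED = 0x1, 0x4, 0x8


def build_frame(ftype, flags, stream_id, payload):
    """9-byte frame header: 24-bit length, 8-bit type, 8-bit flags, 1 reserved bit + 31-bit stream id."""
    if len(payload) > 0xFFFFFF:
        raise ValueError("payload exceeds the 24-bit length field")
    return (len(payload).to_bytes(3, "big") + bytes([ftype, flags])
            + (stream_id & 0x7FFFFFFF).to_bytes(4, "big") + payload)


def parse_frames(buf):
    """Strip the client preface if present and split buf into (type, flags, stream_id, payload)."""
    if buf.startswith(CONNECTION_PREFACE):
        buf = buf[len(CONNECTION_PREFACE):]
    frames, off = [], 0
    while off < len(buf):
        if len(buf) - off < 9:
            raise ValueError("truncated frame header")
        length = int.from_bytes(buf[off:off + 3], "big")
        ftype, flags = buf[off + 3], buf[off + 4]
        stream_id = int.from_bytes(buf[off + 5:off + 9], "big") & 0x7FFFFFFF  # drop the reserved bit
        payload = buf[off + 9:off + 9 + length]
        if len(payload) != length:
            raise ValueError("truncated frame payload")
        frames.append((FRAME_TYPES.get(ftype, "UNKNOWN"), flags, stream_id, payload))
        off += 9 + length
    return frames


# HPACK subset used here: "literal header field without indexing, new name" (RFC 7541 s6.2.2),
# non-Huffman strings under 127 bytes, no dynamic table. Enough to round-trip a small request.
def hpack_encode(headers):
    out = bytearray()
    for name, value in headers:
        n, v = name.encode(), value.encode()
        out += b"\x00" + bytes([len(n)]) + n + bytes([len(v)]) + v
    return bytes(out)


def hpack_decode(block):
    headers, i = [], 0
    while i < len(block):
        if block[i] != 0x00:
            raise ValueError("only literal-without-indexing/new-name fields are supported")
        nlen = block[i + 1] & 0x7F
        name = block[i + 2:i + 2 + nlen].decode()
        i += 2 + nlen
        vlen = block[i] & 0x7F
        value = block[i + 1:i + 1 + vlen].decode()
        i += 1 + vlen
        headers.append((name, value))
    return headers


def check_stream(frames, stream_id):
    """RFC 9113 s8.1.1: a content-length header must equal the total DATA payload (minus padding).
    Returns (declared, actual, consistent). A front end that forwards the declared value to an
    HTTP/1.1 back end while sending the actual body creates an H2.CL desync."""
    declared, actual = None, 0
    for ftype, flags, sid, payload in frames:
        if sid != stream_id:
            continue
        if ftype == "HEADERS":
            for name, value in hpack_decode(payload):
                if name == "content-length":
                    declared = int(value)
        elif ftype == "DATA":
            body = payload[1:len(payload) - payload[0]] if flags & PADDED else payload
            actual += len(body)
    return declared, actual, declared is None or declared == actual


def build_request(stream_id, headers, body):
    return (build_frame(0x1, END_HEADERS, stream_id, hpack_encode(headers))
            + build_frame(0x0, END_STREAM, stream_id, body))


# Constructed sample: the header block declares content-length 0, but the DATA frame carries an
# HTTP/1.1 request prefix. The HTTP/2 framing itself is unambiguous; the risk is in the downgrade.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: internal.test\r\n\r\n"
SAMPLE = CONNECTION_PREFACE + build_request(
    1, [(":method", "POST"), (":path", "/"), (":scheme", "https"),
        (":authority", "example.test"), ("content-length", "0")], SMUGGLED)

if __name__ == "__main__":
    frames = parse_frames(SAMPLE)
    for ftype, flags, sid, payload in frames:
        print(f"{ftype:8} flags=0x{flags:x} stream={sid} len={len(payload)}")
    print("declared, actual, consistent:", check_stream(frames, 1))
```

The point of the last function is the defensive one: in HTTP/2 the frame length field is the only body delimiter, so a front end that rewrites the request to HTTP/1.1 must derive Content-Length from the DATA frames it actually received and reject a header that disagrees, rather than copying the client's header through.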

Advanced QUIC Request Smuggling & Multi-Stream Exploitation

Learn how QUIC’s multiplexed streams can be abused for request smuggling, the underlying protocol quirks, practical exploitation steps, defensive controls, and hands-on labs.

JSON Injection 101: Understanding the Attack Surface

Learn how JSON data is parsed server-side, discover common injection vectors, and master detection and exploitation techniques, from simple payloads to prototype-pollution RCE. Real-world tools, defenses, and hands-on labs are included.

SharpHound Data Collection: Gathering AD Relationships - Intro Guide

Learn how to run SharpHound with default and custom collection methods, interpret its JSON output, filter noisy data, stay stealthy, and export results for BloodHound ingestion. This guide gives practical examples, mitigation tips, and hands-on exercises.

DLL Search Order Hijacking in Windows Services - PrivEsc Guide

Learn how attackers exploit Windows DLL search order and service misconfigurations to gain SYSTEM privileges. The guide covers theory, discovery, payload creation, registry hijacking, manifest redirection, evasion, and post-exploitation techniques.

Exploiting Unkeyed Header Injection for Cache Poisoning - An Intermediate Guide

Learn how unkeyed (non-vary) HTTP headers can be abused to poison browser, proxy, and CDN caches. The guide covers cache key generation, header discovery, injection techniques, crafting persistent poisoned responses, bypassing defenses, and leveraging CDN edge logic for large-scale impact.
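As an added illustration of the mechanism this guide covers (example code written for this listing, not taken from the post): a toy shared cache keyed only on method, host and path; a hypothetical origin that reflects X-Forwarded-Host into a script URL; the header-discovery probe that uses a cache buster and a canary value; and the mitigation of folding every origin-consumed header into the cache key. victim.test, evil.test, the header list and the origin itself are constructed for the example.

```python
"""Added example: a cache keyed on method+host+path versus a key that includes the
headers the origin actually reads."""

from dataclasses import dataclass, field


@dataclass
class Request:
    method: str
    host: str
    path: str                      # path plus query string, as the cache keys it
    headers: dict = field(default_factory=dict)


def origin(req):
    """Hypothetical origin that trusts X-Forwarded-Host when building an absolute URL (the bug)."""
    base = req.headers.get("X-Forwarded-Host", req.host)
    body = f'<script src="https://{base}/static/app.js"></script>'
    return {"status": 200,
            "headers": {"Cache-Control": "public, max-age=600"},
            "body": body}


class Cache:
    """Toy shared cache: stores any public response under key_fn(request)."""
    def __init__(self, key_fn):
        self.key_fn, self.store, self.hits = key_fn, {}, 0

    def fetch(self, req):
        key = self.key_fn(req)
        if key in self.store:
            self.hits += 1
            return self.store[key]
        resp = origin(req)
        if "public" in resp["headers"].get("Cache-Control", ""):
            self.store[key] = resp
        return resp


def weak_key(req):
    """Typical default: X-Forwarded-Host is unkeyed, so it changes the body without changing the key."""
    return (req.method, req.host, req.path)


# Headers the origin (or its framework) is known to consume; each one must be part of the key.
ORIGIN_INPUTS = ("X-Forwarded-Host", "X-Forwarded-Scheme", "X-Original-URL")


def keyed_on_inputs(req):
    """Defensive key: fold every origin-consumed header in, so attacker variants get their own entry."""
    return weak_key(req) + tuple(req.headers.get(h, "") for h in ORIGIN_INPUTS)


def find_unkeyed_headers(cache, candidates, host="victim.test", path="/"):
    """Discovery step: send each candidate with a unique cache buster and a canary value, then
    re-request the same URL without the header. If the canary comes back, the header is
    both unkeyed and reflected."""
    found = []
    for n, header in enumerate(candidates):
        busted = f"{path}?cb={n}"        # cache buster isolates each probe from real traffic
        canary = f"canary{n}.test"
        cache.fetch(Request("GET", host, busted, {header: canary}))
        clean = cache.fetch(Request("GET", host, busted))
        if canary in clean["body"]:
            found.append(header)
    return found


def poison_demo(key_fn, host="victim.test"):
    """Attacker primes the cache for / with a forged host; returns True if a later plain
    request for / is served the attacker-controlled script URL."""
    cache = Cache(key_fn)
    cache.fetch(Request("GET", host, "/", {"X-Forwarded-Host": "evil.test"}))
    victim_resp = cache.fetch(Request("GET", host, "/"))
    return "evil.test" in victim_resp["body"]


if __name__ == "__main__":
    print("unkeyed+reflected (weak key):", find_unkeyed_headers(Cache(weak_key), ORIGIN_INPUTS))
    print("victim poisoned (weak key):  ", poison_demo(weak_key))
    print("victim poisoned (keyed):     ", poison_demo(keyed_on_inputs))
```

Keying on the header is defence in depth, not the root fix: the origin should stop trusting forwarded host headers from untrusted hops (or at least emit Vary so a standards-following cache keys on them itself). Note also that the cache buster only works because this toy cache, like most real ones, includes the query string in its key; on a cache that strips it, discovery needs a different isolation trick.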

📑 ~/news - Security News

113 posts

AI-Generated Zero-Day 2FA Bypass Threatens Open-Source Sysadmin Tools

Google uncovered a zero-day 2FA bypass that appears to have been created by an AI system. The flaw targets a widely-used open-source web-based administration platform, prompting a rapid coordinated patch to avert mass exploitation.

Dirty Frag (CVE-2026-43284): Critical Linux Kernel Zero-Day Grants Root With No Patch

A kernel-level bug in the Linux cryptographic API, dubbed Dirty Frag (CVE-2026-43284), lets unauthenticated attackers gain root privileges. No vendor patch exists yet; only temporary mitigations are available, and active exploitation is imminent.

Ivanti EPMM Zero-Day (CVE-2026-6973) Exploited in Targeted Attacks - What You Need to Know

Ivanti disclosed a high-severity, authenticated input-validation flaw (CVE-2026-6973) in Endpoint Manager Mobile that is already being leveraged in targeted attacks. CISA added the vulnerability to its KEV catalog, demanding remediation by May 10 for federal agencies.

Palo Alto Networks PAN-OS Zero-Day (CVE-2026-0300) Exploited in the Wild - Critical RCE Threat

A critical buffer-overflow (CVE-2026-0300) in the PAN-OS User-ID Authentication (Captive) Portal enables unauthenticated remote code execution with root privileges. State-sponsored actors have been exploiting internet-exposed PA-Series and VM-Series firewalls for almost a month, and patches are slated for May 13.

Critical MOVEit Automation Auth Bypass (CVE-2026-4670) Threatens Thousands of Deployments

Progress Software disclosed a critical authentication-bypass flaw (CVE-2026-4670) in MOVEit Automation, affecting versions prior to 2025.1.5, 2025.0.9 and 2024.1.8. Over 1,400 internet-exposed instances, including U.S. state and local agencies, remain unpatched, prompting urgent upgrades and mitigations.

CISA Flags Critical Linux LPE 'Copy Fail' (CVE-2026-31431) as Actively Exploited

The U.S. CISA added CVE-2026-31431, known as "Copy Fail", to its KEV catalog after confirming active exploitation. The flaw gives any local user a trivial path to root on Linux kernels from 2017 onward, affecting servers, desktops, and containers.

contact

Feel free to reach out for collaboration, security consulting, or just to say hello.

[email protected]