https://hexpysya.github.io/tags/javascript/Recent content in JavaScript on bubka hacks stuffHugo -- gohugo.ioen-usThu, 16 Apr 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-etherrat/Thu, 16 Apr 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-etherrat/An attacker breached Maromalix’s public-facing web application by exploiting CVE-2025-55182 (Next.js Deserialization RCE). They deployed a multi-stage implant dubbed EtherRAT, which utilizes a blockchain-based C2 mechanism via Ethereum smart contracts to dynamically resolve infrastructure. The attacker exfiltrated sensitive data, established multiple persistence mechanisms, and ultimately patched the vulnerability to lock out other actors.https://hexpysya.github.io/investigations/cdef-fakegpt/Tue, 14 Apr 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-fakegpt/A malicious Chrome extension masquerading as ChatGPT uses anti analysis checks, hooks Facebook login forms, and acts as a keylogger, exfiltrating AES encrypted data via pixel tracking.https://hexpysya.github.io/investigations/cdef-obfuscated/Wed, 18 Mar 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-obfuscated/A malicious Word document uses a password-protected AutoOpen macro to drop and execute js script, which decrypts an embedded blob into stage2.js. It is a implant that establishes persistence via a hidden scheduled task, collects system reconnaissance, and beacons to two compromised WordPress C2 servers, downloading and executing a next-stage .pif payloadhttps://hexpysya.github.io/investigations/htb-subatomic/Sat, 28 Feb 2026 00:00:00 +0000https://hexpysya.github.io/investigations/htb-subatomic/A fake therapy installer distributed as an NSIS self-extracting archive delivers an Electron-based Node.js infostealer that performs anti-VM checks, injects malicious code into Discord clients, and exfiltrates browser credentials, cookies, autofill data, and Discord tokens to a hardcoded C2.https://hexpysya.github.io/investigations/metasploit-adobe-pdf-embedded-file/Fri, 21 Nov 2025 00:00:00 +0000https://hexpysya.github.io/investigations/metasploit-adobe-pdf-embedded-file/A malicious PDF exploits JavaScript and Launch actions to extract and execute an embedded PE payload, establishing a reverse shell connection to an attacker-controlled server.