Welcome to my Cybersecurity blog where I share tutorials, projects, and insights from my experience and research.
Note: Most modern sites set X-Frame-Options or Content-Security-Policy to prevent embedding in iframes.
How does this X-Frame bypass work?
When you use the Render HTML (proxy fetch) method, the demo fetches the target page's HTML using a public proxy service. Instead of setting the iframe src to the remote site (which would trigger browser restrictions), it writes the fetched HTML directly into a blank iframe using JavaScript. This makes the content appear as same-origin, so the browser does not enforce X-Frame-Options or Content-Security-Policy headers from the remote site.
Limitations: Some resources (images, scripts, styles) may still be blocked by CORS or not work as expected, and interactive features may break. This technique is useful for static content or basic page previews.
Upload a .eml file or paste raw email headers to analyze authentication results (SPF, DKIM, DMARC) and sender info. All processing is done locally in your browser.
Latest Posts
- TryHackMe - Cheese CTF
  Exploiting LFI via PHP filter chains for RCE, lateral movement via world-writable SSH authorized_keys, and privilege escalation through world-writable systemd timers.
- TryHackMe - Soupedecode 01
  Enumerating users using RID brute force, dictionary password attacks, Kerberoasting, and passing the hash.
- Windows Server Active Directory VM Setup with VirtualBox and Linux
  Guide to setting up an Active Directory Domain Controller in VirtualBox using Kali.
- TryHackMe - Bypass Disable Functions
  How to get around PHP disable_functions utilizing Local File Inclusion (LFI) and a bit on named pipes and reverse shells.
- GoLang malware utilizing DLL Injection on a remote process
  Exploring remote process DLL Injection, DLL writing, and deploying a gob-encoded TCP bind shell.
- GoLang malware utilizing RC4 encryption to avoid shellcode detection
  EDR evasion using RC4-encrypted shellcode by writing a file to disk, downloading RC4-encrypted payloads from a server and injecting them into memory.
- TryHackMe - Ice
  Standard Nmap and Metasploit with mimikatz thrown into the mix for fun. Vulnerability and exploit research, privilege escalation, RDP sessions, and a few tricks to spy on the target.
- TryHackMe - Intro PoC Scripting
  Exploit development from Proofs Of Concept and CVEs. Explore a Ruby exploit, rewrite it in Python. Payload development, authentication development. Just a really good room for coding and how to...
- TryHackMe - Blue
  Vulnerability scanning using Nmap, exploitation using Metasploit. Examples of creating a reverse TCP shell, upgrading the shell, process migration, hash cracking, and search to find flags.