Welcome to Corvra Labs

This is a space for cybersecurity research, CVEs, and tooling.

---

Latest Posts

EvilNeko: Operationalizing Browser in the Browser Attacks

January 01, 2026

Browser in the Browser (BITB) attacks work by presenting a fully attacker controlled browser environment to the user which can mimic typical login flows. This subverts the standard guidance such as “check the URL” and builds more trust in targets with the site that they are interacting with. It also simplifies the theft of sessions by having the target perform the login process on red team infrastructure meaning MFA bypass is not required. When I first read about BITB phishing in mr.d0x’s article, I was interested in exploring this further.

CVE-2025-48709 and The Forgotten Half of Secrets Management

August 19, 2025

Secrets management can be a pain, from discovering all of the issues in code, to excel files on desktops, to standing up proper vaults and convincing people to use them. But let’s say you have done all this. Pop the champagne, tell your boss to give you a huge bonus, leaked secrets have been conquered…or have they?