Elliot Belt
Student & Offensive Security Researcher
Welcome#
Hi! I’m Felix Billières, also known as Elliot Belt.
Recent
MCP SVG Icon Injection: From XSS to RCE Through the Protocol Spec
·10 mins
A deep dive into a protocol-level vulnerability in the Model Context Protocol (MCP) specification where malicious SVG icons delivered via data: URIs can escalate from XSS to full RCE on Electron clients. Reported to Anthropic VDP, closed as Informative — disclosed here with full technical details.
pyGoldenGMSA - Reversing Windows DLLs to Compute gMSA Passwords on Linux
·12 mins
Building a cross-platform GoldenGMSA tool by reverse engineering Windows cryptographic DLLs and implementing NIST SP800-108 KDF from scratch
Phantom - HackTheBox Writeup
Complete exploitation of a Windows Active Directory machine highlighting Kerberos delegation RBCD techniques
Retex: Phreaks 2600 at the Hack4Values Grand Live Hacking Solidaire 2025
The Phreaks 2600 team actively participated in the Hack4Values Grand Live Hacking Solidaire 2025, contributing to the security of NGOs and associations
NetExec Workshop LeHack 2025 - Comprehensive Guide
Comprehensive guide to Active Directory exploitation with NetExec at the LeHack 2025 workshop
Retex: Phreaks 2600 at the 'Unlock Your Brain' Student Bug Bounty 2025
·3 mins
The Phreaks 2600 team secured 2nd place at the ‘Unlock Your Brain’ Student Bug Bounty, with notable individual performances, including awards for the most creative bug and the best meme.