Posts by Category
Tutorials
SQL Injection - Cyard Challenges
Hello, in this writeup, I will talk about how to find and exploit SQL Injection in `lims` app provided by [Cyard](htt...
Web Security Vulnerabilities - Server Side Template Injection (SSTI)
Server-Side Template Injection, also known as SSTI, is a web security vulnerability that allows an attacker to inject...
Web Security Vulnerabilities - Remote Code Execution
Remote Code Execution, also known as RCE is a security vulnerability that allows an attacker to gain unauthorized acc...
Web Security Vulnerabilities - File Upload Vulnerabilities
File upload vulnerabilities arise when an application allows users to upload files to its system without properly san...
Web Security Vulnerabilities - Local File Inclusion (LFI)
Local File Inclusion also known as LFI is a web security vulnerability that allows an attacker to include files from ...
Web Security Vulnerabilities - Insecure Direct Object Reference (IDOR)
Insecure Direct Object Reference, also known as IDOR, is a type of access control vulnerability that occurs when an a...
Web Security Vulnerabilities - XML external entity (XXE)
XML external entities (XXE) are entities defined outside of the XML document and referenced within it. They are a fea...
Web Security Vulnerabilities - Broken Authentication
Authentication is the process of verifying the identity of a user. It ensures that the person or system interacting w...
Web Security Vulnerabilities - Server Side Request Forgery
Server Side Request Forgery also known as SSRF, is a web security vulnerability that allows an attacker to manipulate...
Web Security Vulnerabilities - SQL Injection
SQL Injection, also known as SQLI, is a web security vulnerability that allows an attacker to inject malicious querie...
Web Security Vulnerabilities - Cross Site Scripting (XSS)
Cross-Site Scripting, also known as XSS, is a web security vulnerability that allows attackers to inject malicious sc...
SIEM Tutorial - Part 3
Hello, in part 2, we covered what Splunk is, its components, explored its interface, and solved a small piece of the `...
SIEM Tutorial - Part 2
Hello security analysts, today I'm back with the second part of the SIEM tutorial. In the first part, we discussed lo...
SIEM Tutorial - Part 1
Hello everyone, today I'm going to share with you a series of tutorials about SIEM solutions. The tutorial consists of th...
HackTheBox
Drive Machine Writeup
Drive is a HackTheBox Hard Linux machine which starts with a website on which I can upload, store, edit, and share files. a...
OnlyForYou Machine Writeup
OnlyForYou is a medium Linux machine that includes LFI exploitation, code execution, Cypher injection in the `neo4j` data...
Shared Machine Writeup
Shared is a medium Linux machine that involves exploiting SQL injection, IPython and Redis.
Trick Machine Writeup
Trick is an easy Linux machine that involves exploiting SQL injection, LFI and the fail2ban service.
Faculty Machine Writeup
Faculty is a medium Linux machine that involves mpdf exploitation, meta-git and privilege escalation with gdb.
Timelapse Machine Writeup
Timelapse is an easy Windows machine that involves SMB enumeration, password hash cracking, and exploitation of weak ...