AWAE Course and OSWE Exam Review – RCE Security
This is a review of the Advanced Web Attacks and Exploitation (WEB-300) course and its OSWE exam by Offensive-Security. I’ve taken this course because I…
Broken Access Control – Lab #7 User ID controlled by request parameter | Long Version
Dangerous Code Hidden in Plain Sight for 12 years
The Story [EDIT 26/04/22] – I added a note on my personal conclusion about Amass with a note from a conversation with Caffix about why…
Gareth Heyes | 13 March 2023 at 15:00 UTC We recently published some research on server-side prototype pollution where we went into detail on techniques…
tldr; A Private Bug Bounty Program had a globally readable .htpasswd file. I cracked the DES hash, got access to development and staging environments and…
Open Source Hacking Lab | Guide on File Inclusion Vulnerability and Path Traversal Attack in PHP
Does Cybersecurity Require Programming?
UMBC Cyberdawgs CTF: The Hacker One
Bypassing a WAF by Finding the Origin IP
Attacking Language Server JSON RPC
Hacking CI/CD (Basic Pipeline Poisoning)