Home
πŸ’» | Blog
Cancel

DomGoat Walkthrough

DOM-based Cross site Scripting (XSS) is a type of XSS where user input is written to a web pages’ Document Object Model without proper sanitization. This could be abused by an attacker to manipulat...

RipsTech Java Security Calendar 2019 Notes

Notes related to RipsTech PHP Security Calendar 2019 which aren’t accessible anymore. Challenge 1 - Candy Cane import org.jdom2.Content; import org.jdom2.Document; import org.jdom2.JDOMException;...

Exploit Education - Nebula Walkthrough

This blog post contains a walkthrough of Nebula provided by Exploit Education. Nebula is a vulnerable ISO which has a variety of Linux privilege escalation vulnerabilities. Some of these vulnerabil...

Common XSS payloads I use

Common XSS Tricks I use This post contains a common list of XSS payloads I tend to use most of often. Taken from the internet, the origin of most of these payloads are uknown but they are often sh...

Facebook CTF 2019: Products Manager Writeup

This challenge was part of Facebook CTF . Looking at the challenge tab, the following information is provided: Going to the provided URL, this leads to the following web application where you ca...

Facebook CTF 2019 : pdfme Writeup

This challenge was part of Facebook CTF . Looking at the challenge tab, the following information is provided: The goal of this challenge is the exploit the PDF conversion service seen below. ...

Pentestit TestLab V12 Walkthrough

This walkthrough shows the process I used to capture and complete some systems within the Pentestit v12 test lab. This walkthrough contains my field notes I took when I was working through the box....

HackTheBox : Active Walkthrough

This walkthrough is a guide on how to exploit HTB Active machine. A quick nmap scan of the target system reveals the following information. The arguement -p- can also be used to scan the entire por...

Ghost Publishing Platform – SVG Image Upload to Stored Cross-site scripting

Often when looking for Stored Cross-site scripting (XSS) vulnerabilities, file upload functionalities can be targeted. This will include trying to upload an HTML file or a Flash SWF file that conta...

Top 10 OSINT Tools/Sources for Security Folks

Open-source intelligence (OSINT) refers to techniques used to collect data from publicly available sources that can be used for enumeration or attacking a target further. This blog post will provid...