This challenge was part of Facebook CTF . Looking at the challenge tab, the following information is provided: Going to the provided URL, this leads to the following web application where you ca...
Facebook CTF 2019 : pdfme Writeup
This challenge was part of Facebook CTF . Looking at the challenge tab, the following information is provided: The goal of this challenge is the exploit the PDF conversion service seen below. ...
Pentestit TestLab V12 Walkthrough
This walkthrough shows the process I used to capture and complete some systems within the Pentestit v12 test lab. This walkthrough contains my field notes I took when I was working through the box....
HackTheBox : Active Walkthrough
This walkthrough is a guide on how to exploit HTB Active machine. A quick nmap scan of the target system reveals the following information. The arguement -p- can also be used to scan the entire por...
Ghost Publishing Platform – SVG Image Upload to Stored Cross-site scripting
Often when looking for Stored Cross-site scripting (XSS) vulnerabilities, file upload functionalities can be targeted. This will include trying to upload an HTML file or a Flash SWF file that conta...
Top 10 OSINT Tools/Sources for Security Folks
Open-source intelligence (OSINT) refers to techniques used to collect data from publicly available sources that can be used for enumeration or attacking a target further. This blog post will provid...
phppgadmin CSRF to Code Execution
This advisory discloses a CSRF vulnerability that exists in phppgadmin/phppgadmin. The details that was sent to the maintainer can be seen here: phppgadmin%20CSRF%20Vulnerability.pdf CSRF Introduc...
The target="_blank" Vulnerability
The HTML <a> element, also known as anchor element is used within webpages to create an hyperlink to another resource. The anchor tag can also be specified with several attributes, one of the...
Introduction to Socat
Socat is a network swiss army knife utility and it is very similar to Netcat. However, Socat has many additional features that makes it a better alternative to Netcat. Socat also has advanced featu...
6 things I didn't know Drozer could do
1 : Intent Sniffing Intent sniffing is an attack vector use to capture exposed intents. In certain cases, applications will broadcast intents and will not define any permissions that in need to re...