This blog post contains a walkthrough of Nebula provided by Exploit Education. Nebula is a vulnerable ISO which has a variety of Linux privilege escalation vulnerabilities. Some of these vulnerabil...
Common XSS payloads I use
Common XSS Tricks I use This post contains a common list of XSS payloads I tend to use most of often. Taken from the internet, the origin of most of these payloads are uknown but they are often sh...
Facebook CTF 2019: Products Manager Writeup
This challenge was part of Facebook CTF . Looking at the challenge tab, the following information is provided: Going to the provided URL, this leads to the following web application where you ca...
Facebook CTF 2019 : pdfme Writeup
This challenge was part of Facebook CTF . Looking at the challenge tab, the following information is provided: The goal of this challenge is the exploit the PDF conversion service seen below. ...
Pentestit TestLab V12 Walkthrough
This walkthrough shows the process I used to capture and complete some systems within the Pentestit v12 test lab. This walkthrough contains my field notes I took when I was working through the box....
HackTheBox : Active Walkthrough
This walkthrough is a guide on how to exploit HTB Active machine. A quick nmap scan of the target system reveals the following information. The arguement -p- can also be used to scan the entire por...
Ghost Publishing Platform – SVG Image Upload to Stored Cross-site scripting
Often when looking for Stored Cross-site scripting (XSS) vulnerabilities, file upload functionalities can be targeted. This will include trying to upload an HTML file or a Flash SWF file that conta...
Top 10 OSINT Tools/Sources for Security Folks
Open-source intelligence (OSINT) refers to techniques used to collect data from publicly available sources that can be used for enumeration or attacking a target further. This blog post will provid...
phppgadmin CSRF to Code Execution
This advisory discloses a CSRF vulnerability that exists in phppgadmin/phppgadmin. The details that was sent to the maintainer can be seen here: phppgadmin%20CSRF%20Vulnerability.pdf CSRF Introduc...
The target="_blank" Vulnerability
The HTML <a> element, also known as anchor element is used within webpages to create an hyperlink to another resource. The anchor tag can also be specified with several attributes, one of the...