Threatninja.net

In this post, I would like to share my experience on how to detect some vulnerabilities within the application itself. A lot of people did ask me how I manage…

What is SSRF? For those who are not familiar with Server-side request forgery or also known as SSRF, it’s a vulnerability that resides within web applications that allow the threat…

In the post, i would like to share some knowledge on Cloud Penetration Testing for learning purposes What is Cloud Penetration Testing? There are some Penetration Testing that has been…

What is API Penetration Testing? For those who are not familiar with API Penetration Testing, it’s a test activity that involves all the processes of vulnerability assessment and ensures that…

A little bit of explanation on Kerberos and Impacket In this post, I would like to share my knowledge and skills about the Kerberos which we will take advantage of…

In this post, I would like to share some information on the Insecure Direct Object Reference (IDOR) vulnerability. What is IDOR Vulnerability? For those who are not familiar with IDOR…

In the post, I would like to share some tricks that I learned such as using the WSUS Trick while playing with the Outdated Machine which the walkthrough over here…

In this post, I would like to share some knowledge about SQL Injection which can be useful during Penetration Testing activity. Before we went deeper into it, I will try…

In this post, I would like to share some Unintended ways to obtain the root shell by using the vulnerability of the Faculty machine that recently retired which can be…

In this post, I would like to share a way to bypass AV detection by using HoaxShell which that tool has been created by t3l3machus. What is HoaxShell? HoaxShell is…