Learning Series: How to detect vulnerabilities in the application
In this post, I would like to share my experience on how to detect some vulnerabilities within the application itself. A lot of people did ask me how I manage…
Learning Series: Server-side request forgery (SSRF) Attack
What is SSRF? For those who are not familiar with Server-side request forgery, also known as SSRF, it’s a vulnerability that resides within web applications that allow the threat…
Learning Series: Cloud Penetration Testing (AWS)
In this post, I would like to share some knowledge on Cloud Penetration Testing for learning purposes. What is Cloud Penetration Testing? There are some Penetration Testing that has been…
Learning Series: API Penetration Testing
What is API Penetration Testing? For those who are not familiar with API Penetration Testing, it’s a test activity that involves all the processes of vulnerability assessment and ensures that…
Learning Series: Play around with Kerberos using the Impacket script
A little bit of explanation on Kerberos and Impacket. In this post, I would like to share my knowledge and skills about Kerberos, which we will take advantage of…
Learning Series: IDOR Vulnerability explained
In this post, I would like to share some information on the Insecure Direct Object Reference (IDOR) vulnerability. What is IDOR Vulnerability? For those who are not familiar with IDOR…
Hack The Box: (Outdated Machine) Using WSUS attack
In this post, I would like to share some tricks that I learned, such as using the WSUS trick while playing with the Outdated machine which the walkthrough over here…
Learning Series: SQL Injection attack method
In this post, I would like to share some knowledge about SQL Injection which can be useful during Penetration Testing activity. Before we go deeper into it, I will try…
Hack The Box: (Unintended Way) To obtain a root shell using CVE-2022-2588 Vulnerability on Faculty HTB
In this post, I would like to share some unintended ways to obtain the root shell by using the vulnerability of the recently retired Faculty machine, which can be…
Learning Series: Bypass AV detection using HoaxShell
In this post, I would like to share a way to bypass AV detection by using HoaxShell, a tool created by t3l3machus. What is HoaxShell? HoaxShell is…