What is Phar Deserizalition to Remote Code Execution? Phar file also known as PHP Archive will normally contain metadata that is written in a serialized format. As a result, the bad guys can abuse the vulnerability related to deserialized that

Continue ReadingHack The Box: (UpDown) Upload Phar File for RCE

In this post, I would like to share a walkthrough of the Forgot Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the Forgot machine? For the user

Continue ReadingHack The Box: Forgot Machine Walkthrough – Medium Difficulty

What is Command Injection Attack? It’s an attack in which the bad guys’ objective on this activity will be trying to obtain the execution of arbitrary commands on a vulnerable application. Normally, the vulnerability exposes when the application has sent

Continue ReadingLearning Series: Command Injection Attack

What is NoSQL Injection? Before we proceed with the NoSQL Injection details, we need to understand the NoSQL databases which it has provided low consistency restrictions if compared to SQL databases. Most of the time, the attack might execute from

Continue ReadingHack The Box: (Shoppy Machine) NoSQLi attack

What is Docker Escape Method? Firstly, we are required to understand the importance of Docker escape or also containers escape which was infrastructure that is used by virtual or day-to-day operations for all enterprises. The case of cybersecurity incidents is

Continue ReadingLearning Series: Docker Escape Method

What is XML external entity injection? XML external entity injection is a security vulnerability that normally allows a bad guy by executing the XML data of the application’s processing. A bad guy will able to view files on the application

Continue ReadingLearning Series: XML External Entity Injection Attack

There is no excerpt because this is a protected post.

In this post, I would like to share my experience on how to detect some vulnerabilities within the application itself. A lot of people did ask me how I manage to detect any vulnerabilities with no information (blindly) at all

Continue ReadingLearning Series: How to detect vulnerabilities in the application

What is SSRF? For those who are not familiar with Server-side request forgery or also known as SSRF, it’s a vulnerability that resides within web applications that allow the threat actors to make a request for an unintended location. The

Continue ReadingLearning Series: Server-side request forgery(SSRF) Attack

In the post, i would like to share some knowledge on Cloud Penetration Testing for learning purposes What is Cloud Penetration Testing? There are some Penetration Testing that has been executed within the organization and one of them is Cloud

Continue ReadingLearning Series: Cloud Penetration Testing (AWS)