Latest posts
PortSwigger Academy Lab: CSRF where token validation depends on token being present - 22 March 2025
PortSwigger Academy Lab: Blind SQL injection with time delays and information retrieval - 17 March 2025
PortSwigger Academy Lab: HTTP request smuggling, confirming a TE.CL vulnerability via differential responses - 17 March 2025
PortSwigger Academy Lab: Brute-forcing a stay-logged-in cookie - 17 March 2025
Portswigger Academy Lab: Reflected DOM XSS - 16 March 2025
PortSwigger Academy Lab: Inconsistent handling of exceptional input - 15 March 2025
PortSwigger Academy Lab: Reflected XSS into HTML context with most tags and attributes blocked - 14 March 2025
PortSwigger Academy Lab: Web cache poisoning with an unkeyed header - 14 March 2025
PortSwigger Academy Lab: SQL injection with filter bypass via XML encoding - 13 March 2025
PortSwigger Stored XSS - 12 March 2025
PortSwigger Academy Lab - DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded - 12 March 2025
Hack The Box Skills Assessment - SQLMap Essentials - 11 March 2025
Hack The Box Skills Assessment - File Inclusion - 11 March 2025
Hacke The Box Skills Assessment - Web Service and API Attacks - 10 March 2025
Hack the Box Skills Assessment - Login Brute Forcing - 10 March 2025
Web Attacks - Hack The Box Skills Assessment - 9 March 2025
Hack the Box Skills Assessment - Session Security - 9 March 2025
Server Side Attacks - Hack The Box Skills Assessment - 9 March 2025
HTB - File Upload Attacks - Skills Assessment - 9 March 2025
PortSwigger Academy Lab: Forced OAuth profile linking - 8 March 2025
Hack The Box - Skills Assessment: SQL Injection FUndamentals - 8 March 2025
Hack The Box - Skills Assessment: Command Injections - 8 March 2025
PortSwigger Lab: Manipulating the WebSocket handshake to exploit vulnerabilities - 7 March 2025
PortSwigger Lab: Exploiting XXE via image file upload - 7 March 2025
PortSwigger Lab: Insufficient workflow validation - 7 March 2025
PortSwigger Lab: Exploiting HTTP request smuggling to deliver reflected XSS - 7 March 2025
PortSwigger Lab: DOM XSS in `document.write` sink using source `location.search` inside a select element - 7 March 2025
PortSwigger Lab: Blind OS command injection with output redirection - 7 March 2025
PortSwigger Lab: Using application functionality to exploit insecure deserialization - 7 March 2025
PortSwigger Academy Lab: Server-side template injection in an unknown language with a documented exploit - 6 March 2025
PortSwigger Lab: SSRF with filter bypass via open redirection vulnerability - 6 March 2025
PortSwigger Lab: File path traversal, traversal sequences stripped non-recursively - 6 March 2025
PortSwigger Lab: Information disclosure in version control history - 6 March 2025
PortSwigger Lab: DOM XSS using web messages and a JavaScript URL - 6 March 2025
PortSwigger Lab: CORS vulnerability with trusted insecure protocols - 6 March 2025
PortSwigger Lab: Web cache poisoning with multiple headers - 6 March 2025
PortSwigger Lab: Multi-step process with no access control on one step - 6 March 2025
PortSwigger Lab: Broken brute-force protection, IP block - 6 March 2025
PortSwigger Academy Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft - 5 March 2025
PortSwigger Lab: CSRF where token validation depends on request method - 5 March 2025
PortSwigger Academy Lab: OAuth account hijacking via redirect_uri - 5 March 2025
PortSwigger Lab: Web shell upload via extension blacklist bypass - 5 March 2025
January 2025
XSS (Cross-Site Scripting) [Skills Assessment] Hack The Box Writeup - 2 January 2025
2024
December 2024
Attacking web applications with ffuf [Skill Assessment] Hack the Box Writeup - 31 December 2024
Information Gathering Web Edition [Skill Assessment] Hack the Box Writeup - 31 December 2024
Broken Authentication [Skill Assessment] Hack The Box Writeup - 27 December 2024
How to create a file for Zip Slip - 23 December 2024
JavaScript Deobfuscation Skill Assessment - Hack the Box Writeup - 18 December 2024
WordPress Hacking [Skill Assessment] - Hack The Box Writeup - 15 December 2024
How to spin up a WordPress site in 5 minutes [LAMP Stack] - 15 December 2024
HackTheBox Writeup - [Using Web Proxies] Skill Assesment - 14 December 2024
November 2024
How to Set Up Automatic Syncing for Obsidian Using GitHub for Free - 27 November 2024
How to Set Up Zsh on Debian - 25 November 2024
How to set up and use tmux (Cheat Sheet) - 25 November 2024
Save OpenVPN Credentials for Automatic Login - 25 November 2024
Install and Self-host SysReptor on Kali - 24 November 2024
OSINT Footprinting Cheat Sheet - 20 November 2024
How to Set Up AI-Powered Coding on Neovim - 13 November 2024
October 2024
How to set up Docker and run Kali on Debian - 17 October 2024
How to install and set up Debian - 1 October 2024
September 2024
How to Set Up Git and Connect to GitHub on Linux - 20 September 2024
Quick Copy & Paste Techniques for Default vi/vim: Moving Text In and Out During Pentesting - 15 September 2024
I've passed the CEH exam - 2 September 2024
April 2024
Finally moved my blog to Cloudflare.pages - 17 April 2024