Articles

Latest posts

PortSwigger Academy Lab: CSRF where token validation depends on token being present - 22 March 2025

PortSwigger Academy Lab: Blind SQL injection with time delays and information retrieval - 17 March 2025

PortSwigger Academy Lab: HTTP request smuggling, confirming a TE.CL vulnerability via differential responses - 17 March 2025

PortSwigger Academy Lab: Brute-forcing a stay-logged-in cookie - 17 March 2025

Portswigger Academy Lab: Reflected DOM XSS - 16 March 2025

PortSwigger Academy Lab: Inconsistent handling of exceptional input - 15 March 2025

PortSwigger Academy Lab: Reflected XSS into HTML context with most tags and attributes blocked - 14 March 2025

PortSwigger Academy Lab: Web cache poisoning with an unkeyed header - 14 March 2025

PortSwigger Academy Lab: SQL injection with filter bypass via XML encoding - 13 March 2025

PortSwigger Stored XSS - 12 March 2025

PortSwigger Academy Lab - DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded - 12 March 2025

Hack The Box Skills Assessment - SQLMap Essentials - 11 March 2025

Hack The Box Skills Assessment - File Inclusion - 11 March 2025

Hacke The Box Skills Assessment - Web Service and API Attacks - 10 March 2025

Hack the Box Skills Assessment - Login Brute Forcing - 10 March 2025

Web Attacks - Hack The Box Skills Assessment - 9 March 2025

Hack the Box Skills Assessment - Session Security - 9 March 2025

Server Side Attacks - Hack The Box Skills Assessment - 9 March 2025

HTB - File Upload Attacks - Skills Assessment - 9 March 2025

PortSwigger Academy Lab: Forced OAuth profile linking - 8 March 2025

Hack The Box - Skills Assessment: SQL Injection FUndamentals - 8 March 2025

Hack The Box - Skills Assessment: Command Injections - 8 March 2025

PortSwigger Lab: Manipulating the WebSocket handshake to exploit vulnerabilities - 7 March 2025

PortSwigger Lab: Exploiting XXE via image file upload - 7 March 2025

PortSwigger Lab: Insufficient workflow validation - 7 March 2025

PortSwigger Lab: Exploiting HTTP request smuggling to deliver reflected XSS - 7 March 2025

PortSwigger Lab: DOM XSS in `document.write` sink using source `location.search` inside a select element - 7 March 2025

PortSwigger Lab: Blind OS command injection with output redirection - 7 March 2025

PortSwigger Lab: Using application functionality to exploit insecure deserialization - 7 March 2025

PortSwigger Academy Lab: Server-side template injection in an unknown language with a documented exploit - 6 March 2025

PortSwigger Lab: SSRF with filter bypass via open redirection vulnerability - 6 March 2025

PortSwigger Lab: File path traversal, traversal sequences stripped non-recursively - 6 March 2025

PortSwigger Lab: Information disclosure in version control history - 6 March 2025

PortSwigger Lab: DOM XSS using web messages and a JavaScript URL - 6 March 2025

PortSwigger Lab: CORS vulnerability with trusted insecure protocols - 6 March 2025

PortSwigger Lab: Web cache poisoning with multiple headers - 6 March 2025

PortSwigger Lab: Multi-step process with no access control on one step - 6 March 2025

PortSwigger Lab: Broken brute-force protection, IP block - 6 March 2025

PortSwigger Academy Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft - 5 March 2025

PortSwigger Lab: CSRF where token validation depends on request method - 5 March 2025

PortSwigger Academy Lab: OAuth account hijacking via redirect_uri - 5 March 2025

PortSwigger Lab: Web shell upload via extension blacklist bypass - 5 March 2025

January 2025

XSS (Cross-Site Scripting) [Skills Assessment] Hack The Box Writeup - 2 January 2025

2024

December 2024

Attacking web applications with ffuf [Skill Assessment] Hack the Box Writeup - 31 December 2024

Information Gathering Web Edition [Skill Assessment] Hack the Box Writeup - 31 December 2024

Broken Authentication [Skill Assessment] Hack The Box Writeup - 27 December 2024

How to create a file for Zip Slip - 23 December 2024

JavaScript Deobfuscation Skill Assessment - Hack the Box Writeup - 18 December 2024

WordPress Hacking [Skill Assessment] - Hack The Box Writeup - 15 December 2024

How to spin up a WordPress site in 5 minutes [LAMP Stack] - 15 December 2024

HackTheBox Writeup - [Using Web Proxies] Skill Assesment - 14 December 2024

November 2024

How to Set Up Automatic Syncing for Obsidian Using GitHub for Free - 27 November 2024

How to Set Up Zsh on Debian - 25 November 2024

How to set up and use tmux (Cheat Sheet) - 25 November 2024

Save OpenVPN Credentials for Automatic Login - 25 November 2024

Install and Self-host SysReptor on Kali - 24 November 2024

OSINT Footprinting Cheat Sheet - 20 November 2024

How to Set Up AI-Powered Coding on Neovim - 13 November 2024

October 2024

How to set up Docker and run Kali on Debian - 17 October 2024

How to install and set up Debian - 1 October 2024

September 2024

How to Set Up Git and Connect to GitHub on Linux - 20 September 2024

Quick Copy & Paste Techniques for Default vi/vim: Moving Text In and Out During Pentesting - 15 September 2024

I've passed the CEH exam - 2 September 2024

April 2024

Finally moved my blog to Cloudflare.pages - 17 April 2024