Categories

updates
- I've passed the CEH exam
- Finally moved my blog to Cloudflare.pages

tutorials
- How to create a file for Zip Slip
- How to spin up a WordPress site in 5 minutes [LAMP Stack]
- How to Set Up Automatic Syncing for Obsidian Using GitHub for Free
- How to Set Up Zsh on Debian
- How to set up and use tmux (Cheat Sheet)
- Save OpenVPN Credentials for Automatic Login
- Install and Self-host SysReptor on Kali
- OSINT Footprinting Cheat Sheet
- How to Set Up AI-Powered Coding on Neovim
- How to set up Docker and run Kali on Debian
- How to install and set up Debian
- How to Set Up Git and Connect to GitHub on Linux
- Quick Copy & Paste Techniques for Default vi/vim: Moving Text In and Out During Pentesting

writeups
- PortSwigger Academy Lab: CSRF where token validation depends on token being present
- PortSwigger Academy Lab: Blind SQL injection with time delays and information retrieval
- PortSwigger Academy Lab: HTTP request smuggling, confirming a TE.CL vulnerability via differential responses
- PortSwigger Academy Lab: Brute-forcing a stay-logged-in cookie
- PortSwigger Academy Lab: Reflected DOM XSS
- PortSwigger Academy Lab: Inconsistent handling of exceptional input
- PortSwigger Academy Lab: Reflected XSS into HTML context with most tags and attributes blocked
- PortSwigger Academy Lab: Web cache poisoning with an unkeyed header
- PortSwigger Academy Lab: SQL injection with filter bypass via XML encoding
- PortSwigger Stored XSS
- PortSwigger Academy Lab - DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded
- Hack The Box Skills Assessment - SQLMap Essentials
- Hack The Box Skills Assessment - File Inclusion
- Hack The Box Skills Assessment - Web Service and API Attacks
- Hack the Box Skills Assessment - Login Brute Forcing
- Web Attacks - Hack The Box Skills Assessment
- Hack the Box Skills Assessment - Session Security
- Server Side Attacks - Hack The Box Skills Assessment
- HTB - File Upload Attacks - Skills Assessment
- PortSwigger Academy Lab: Forced OAuth profile linking
- Hack The Box - Skills Assessment: SQL Injection Fundamentals
- Hack The Box - Skills Assessment: Command Injections
- PortSwigger Lab: Manipulating the WebSocket handshake to exploit vulnerabilities
- PortSwigger Lab: Exploiting XXE via image file upload
- PortSwigger Lab: Insufficient workflow validation
- PortSwigger Lab: Exploiting HTTP request smuggling to deliver reflected XSS
- PortSwigger Lab: DOM XSS in `document.write` sink using source `location.search` inside a select element
- PortSwigger Lab: Blind OS command injection with output redirection
- PortSwigger Lab: Using application functionality to exploit insecure deserialization
- PortSwigger Academy Lab: Server-side template injection in an unknown language with a documented exploit
- PortSwigger Lab: SSRF with filter bypass via open redirection vulnerability
- PortSwigger Lab: File path traversal, traversal sequences stripped non-recursively
- PortSwigger Lab: Information disclosure in version control history
- PortSwigger Lab: DOM XSS using web messages and a JavaScript URL
- PortSwigger Lab: CORS vulnerability with trusted insecure protocols
- PortSwigger Lab: Web cache poisoning with multiple headers
- PortSwigger Lab: Multi-step process with no access control on one step
- PortSwigger Lab: Broken brute-force protection, IP block
- PortSwigger Academy Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft
- PortSwigger Lab: CSRF where token validation depends on request method
- PortSwigger Academy Lab: OAuth account hijacking via redirect_uri
- PortSwigger Lab: Web shell upload via extension blacklist bypass
- XSS (Cross-Site Scripting) [Skills Assessment] Hack The Box Writeup
- Attacking web applications with ffuf [Skill Assessment] Hack the Box Writeup
- Information Gathering Web Edition [Skill Assessment] Hack the Box Writeup
- Broken Authentication [Skill Assessment] Hack The Box Writeup
- JavaScript Deobfuscation Skill Assessment - Hack the Box Writeup
- WordPress Hacking [Skill Assessment] - Hack The Box Writeup
- HackTheBox Writeup - [Using Web Proxies] Skill Assessment