Oct 15, 2022
·
9 min read
Bypass SSRF filters using domain redirection and abusing Python PDB
Sep 12, 2021
·
15 min read
SSTI in Golang, abuse S3 bucket, and NGINX backdoor
Aug 06, 2021
·
9 min read
Deserialization attack on YAML and reversing web assembly
Jun 14, 2021
·
11 min read
Friendly PHP insecure deserialization attack and race condition
Jun 09, 2021
·
12 min read
Chaining XSS, SSRF, and deserialization vulnerabilities to get RCE
Jun 02, 2021
·
9 min read
DC-9 from VulnHub features a website that is vulnerable to SQL injection.
I’m able to dump a bunch …
May 09, 2021
·
9 min read
Exploiting an insecure deserialization on Jackson library and how to mitigate it
Apr 24, 2021
·
14 min read
Pentesting against simulated AWS S3 Bucket
Apr 02, 2021
·
6 min read
Exploiting OpenNetAdmin vulnerability and sudo nano