posts

Proving grounds Practice - Sybaris CTF writeup.

Proving grounds Practice - Potfish CTF writeup.

Proving grounds Practice - ZenPhoto CTF writeup.

Proving grounds Practice - Peppo CTF writeup.

Proving grounds Practice - Hetemit CTF writeup.

Proving grounds Practice - Zino CTF writeup.

Proving grounds Practice - Hunit CTF writeup.

Proving grounds Practice - Dibble CTF writeup.

Proving grounds Practice - Banzai CTF writeup.

Proving grounds Practice - Nibbles CTF writeup.

Proving grounds Practice - Fail CTF writeup.

Business Logic Error leads to pay 0 amount for subscription and obtain 12% discount on the booking.

Proving grounds Practice - Wombo CTF writeup.

Proving grounds Practice - Payday CTF writeup.

Proving grounds Practice - Hawat CTF writeup.

Proving grounds Practice - Payday CTF GLPI.

Proving grounds Practice - Fractal CTF writeup.

Proving grounds Practice - Muddy CTF writeup.

Proving grounds Practice - Wheels CTF writeup.

Proving grounds Practice - Levram CTF writeup.

Proving grounds Practice - Flimsy CTF writeup.

Proving grounds Practice - Astronaut CTF writeup.

Proving grounds Practice - Bratarnia CTF writeup.

Proving grounds Practice - Codo CTF writeup.

Proving grounds Practice - Fanatastic CTF writeup.

Proving grounds Play - BTRSys2.1 CTF writeup.

Proving grounds Play - Stapler CTF writeup.

Proving grounds Play - Empire-Breakout CTF writeup.

Proving grounds Play - SunsetDecoy CTF writeup.

Proving grounds Play - Ha-natraj CTF writeup.

Proving grounds Play - BBSCute CTF writeup.

Proving grounds Play - Gaara CTF writeup.

Proving grounds Play - Katana CTF writeup.

Proving grounds Play - Lampiao CTF writeup.

Proving grounds Play - Monitoring CTF writeup.

Proving grounds Play - Photographer CTF writeup.

Proving grounds Play - Dawn CTF writeup.

Proving grounds Play - Inclusiveness CTF writeup.

Proving grounds Play - Amaterasu CTF writeup.

Proving grounds Play - Vegeta1 CTF writeup.

Proving grounds Play - Potato CTF writeup.

Proving grounds Play - Seppuku CTF writeup.

Proving grounds Play - PyExp CTF writeup.

Proving grounds Play - Shakabrah CTF writeup.

Proving grounds Play - FunboxEasy CTF writeup.

Proving grounds Play - FunboxEasyEnum CTF writeup.

Proving grounds Play - FunboxRookie CTF writeup.

Proving grounds Play - Solstice CTF writeup.

Proving grounds Play - Moneybox CTF writeup.

Proving grounds Play - SunsetNoontide CTF writeup.

Proving grounds Play - DriftingBlues6 CTF writeup.

Proving grounds Play - DC-2 CTF writeup.

Proving grounds Play - DC-1 CTF writeup.

Proving grounds Play - EvilBox-One CTF writeup.

Proving grounds Play - Infosecprep CTF writeup.

Proving grounds Play - Sumo CTF writeup.

Proving grounds Play - Cybersploit1 CTF writeup.

Proving grounds Practice - Internal CTF writeup.

Proving grounds Practice - Kevin CTF writeup.

Proving grounds Practice - Helpdesk CTF writeup.

Proving grounds Practice - RubyDome CTF writeup.

Proving grounds Practice - Twiggy CTF writeup.

Proving grounds Practice - Exfiltrated CTF writeup.

Proving grounds Practice - Algernon CTF writeup.

Proving grounds Practice - Squid CTF writeup.

Proving grounds Practice - ClamAV CTF writeup.

Proving grounds Practice - Pebbles CTF writeup.

Proving grounds Practice - Hub CTF writeup.

Proving grounds Practice - Access CTF writeup.

Proving grounds Practice - Vault CTF writeup.

Proving grounds Play - Djinn3 CTF writeup.

Proving grounds Play - SunsetMidnight CTF writeup.

Proving grounds Play - Sar CTF writeup.

Proving grounds Play - SoSimple CTF writeup.

Proving grounds Play - Election1 CTF writeup.

Proving grounds Play - ICMP CTF writeup.

Dump the database through Mass Assignment Vulnerability.

Proving grounds Play - OnSystemShellDredd CTF writeup.

This blog delves into the techniques used to bypass a Web Application Firewall (WAF) and exploit SQL injection vulnerabilities in a financial management web application.

This blog discusses the exploitation of a business logic error that allows users to manipulate prices and pay less for the products and services offered by the target company.

This blog explores the method of account takeover by manipulating the local session storage in a financial web application.

This blog discusses the exploitation of misconfigurations and authorization vulnerabilities in a Multinational Company’s Content Management System (CMS) application

An in-depth analysis of reverse engineering client-side encryption in a web application.

An in-depth analysis of the DLL hijacking vulnerability leading to remote code execution in one of the leading business automation products.

A pentester’s guide to insecure deserialization.

Exploiting an Insecure Direct Object References (IDOR) vulnerability to gain control over other users’ linked bank accounts.

API Security Misconfiguration Leads to tons of PII data Leakage.

Dumping the database by leveraging time-based SQL Injection.

Massive Subdomains Take Over using subzy.

Obtain Remote Code Execution due to Unrestricted File Upload.

iOS Pen-testing dynamic analysis lab setup.

Obtain remote code execution through file upload feature.

Takeover targetted users account via response manipulation.

Remote Code Execution through Unrestricted File Upload

Take over user accounts by abusing improper rate limitation.

Reflected Cross-site Scripting.