Pinned | Published in InfoSec Write-ups | Bypassing Amazon WAF to pop an alert() | Hey everyone, it’s been a while since I published anything. This time, I’ll be sharing how I bypassed Amazon WAF to get XSS on the target… | Aug 29, 2022
Published in InfoSec Write-ups | Hacking IPMI and Zabbix in HackTheBox — Shibboleth | Port Scanning | Apr 27, 2022
Published in System Weakness | From file upload to command injection to AWS compromise | The file upload feature has a command injection vulnerability from which we get AWS credentials to access a sensitive file in an S3 bucket. | Apr 24, 2022
Published in InfoSec Write-ups | HackTheBox — Devzat | Devzat is a medium difficulty box in HackTheBox | Mar 15, 2022
Published in InfoSec Write-ups | Lumberjack Turtle — Writeup | Difficulty: Medium. Room Description: No logs, no crime… so says the lumberjack. | Feb 1, 2022
Published in InfoSec Write-ups | Exploiting Execute After Redirect (EAR) vulnerability in HTB Previse | Exploiting Execute After Redirect for fun and profit?? | Jan 10, 2022
Stack based Buffer Overflows - Prerequisites | Hello everyone, hope you all are doing great. I’m planning to write some blogs (you can call it a series of blogs) on Buffer Overflows. I… | Dec 10, 2021
Published in InfoSec Write-ups | Zeno — THM Writeup (Abusing service file misconfigurations) | Hello all, today we be doing Zeno from TryHackMe. It is rated Medium and the description says “Do you have the same patience as the great… | Oct 24, 2021
Published in InfoSec Write-ups | IDE - TryHackMe Writeup | Hi all, today we will take on the IDE room in TryHackMe. It is rated Easy and the room description says: “An easy box to polish your… | Oct 22, 2021
Published in InfoSec Write-ups | TryHackMe - Sweettooth Inc. (non port forward method) | Hello everyone, this one is going to be the write-up for the Sweettooth Inc. room on TryHackMe. In this room, we’ll have to first… | Aug 2, 2021