CyberiumX Writeups
@cyberiumxwriteups
Here you will get detailed writeups for HackTheBox, TryHackMe and PortSwigger
CyberiumX Writeups
https://cyberiumx.com/write-ups/vulnerabilities-in-multi-factor-authentication/
CyberiumX
Vulnerabilities in Multi-Factor Authentication
This blog focuses on the identification and exploitation of Multi-Factor Authentication vulnerabilities in web applications. We will be providing a detailed walkthrough of PortSwigger's labs, which you can access on the PortSwigger website.
CyberiumX Writeups
https://cyberiumx.com/write-ups/vulnerabilities-in-other-authentication-mechanism/
CyberiumX
PortSwigger | Vulnerabilities in Other Authentication Mechanism
This blog focuses on the identification and exploitation of authentication vulnerabilities in web applications. We will be providing a detailed walkthrough of PortSwigger's labs, which you can access on PortSwigger.
CyberiumX Writeups
https://cyberiumx.com/write-ups/hackthebox-headless/
CyberiumX Writeups
https://cyberiumx.com/write-ups/tryhackme-clocky/
CyberiumX
Clocky | TryHackMe Writeup | CyberiumX
We have come up with a new machine, "Clocky," on TryHackMe, which aims to familiarize you with the process of detecting misconfigurations on Linux-based web servers using an array of penetration testing tools and methods.
CyberiumX Writeups
https://cyberiumx.com/write-ups/portswigger-reflected-stored-cross-site-scripting/
CyberiumX
PortSwigger- Reflected & Stored Cross-site Scripting - CyberiumX
This blog emphasizes the identification and exploitation of Cross-site Scripting (XSS) vulnerabilities present on websites.
CyberiumX Writeups
https://cyberiumx.com/write-ups/portswigger-dom-based-xss/
CyberiumX
PortSwigger- DOM-Based XSS | CyberiumX
This blog centers on the identification and exploitation of DOM-based XSS vulnerabilities present on websites. We'll be honing our skills in detecting and leveraging these vulnerabilities using the PortSwigger platform.
CyberiumX Writeups
https://cyberiumx.com/write-ups/portswigger-advanced-dom-based-xss/
CyberiumX
PortSwigger- Advanced DOM-based XSS
This blog explores how to detect and take advantage of advanced DOM-based XSS vulnerabilities found in websites that utilize third-party dependencies.
CyberiumX Writeups
https://cyberiumx.com/write-ups/broken-access-control-vertical-privilege-escalation/
CyberiumX
Broken Access Control- Vertical Privilege Escalation
Broken access controls are prevalent and frequently pose a critical security vulnerability. Vertical privilege escalation occurs when an attacker endeavors to obtain additional permissions or access using a compromised existing account.
CyberiumX Writeups
https://cyberiumx.com/write-ups/broken-access-control-horizontal-privilege-escalation/
CyberiumX
Broken Access Control | Horizontal Privilege Escalation
Horizontal access controls are systems designed to limit access to resources to particular users. This blog focuses on the identification and exploitation of “Horizontal Privilege Escalation”, which is a type of Broken Access Control vulnerability.
CyberiumX Writeups
https://cyberiumx.com/write-ups/portswigger-broken-access-control-advanced/
CyberiumX
Broken Access Control - Advanced | PortSwigger
Insecure Direct Object References (IDOR) represent a form of broken access control vulnerability, wherein an application inadvertently reveals direct references to internal objects, such as database keys or file paths, exposing sensitive information.
CyberiumX Writeups
https://cyberiumx.com/write-ups/portswigger-union-based-sql-injection/
CyberiumX
Union-Based SQL Injection | CyberiumX
In a UNION-based SQL injection, an attacker retrieves the contents of other tables stored in the database through the application's default SQL queries.
CyberiumX Writeups
https://cyberiumx.com/write-ups/portswigger-examining-the-database-using-union-based-sql-injection/
CyberiumX
Examining the Database using Union-based SQL Injection
In this new writeup, we will learn how to obtain the database version and information about the tables and columns present in the database.
CyberiumX Writeups
https://cyberiumx.com/write-ups/portswigger-blind-based-sql-injection-1/
CyberiumX
PortSwigger- Blind-Based SQL Injection- I
Hello folks,
CyberiumX Writeups
https://cyberiumx.com/write-ups/blind-sql-injection-2/
CyberiumX
PortSwigger- Blind SQL Injection-II - CyberiumX
'; (SELECT pg_sleep(10))--
CyberiumX Writeups
https://cyberiumx.com/write-ups/portswigger-exploiting-other-categories-in-sql-injection/
CyberiumX
PortSwigger- Exploiting Other Categories in SQL Injection
'--
CyberiumX Writeups
https://cyberiumx.com/write-ups/tryhackme-whats-your-name/
CyberiumX
TryHackMe- Whats Your Name? | CyberiumX
In this blog, we are going to solve a challenge that will test our client-side exploitation skills. The name of this challenge is “Whats Your Name?” and it is available on the TryHackMe platform.
CyberiumX Writeups
https://cyberiumx.com/write-ups/portswigger-basic-password-reset-poisoning/
CyberiumX
Basic Password Reset Poisoning | CyberiumX
In this blog, we will solve the “Basic password reset poisoning” lab under Password Reset Poisoning.
CyberiumX Writeups
https://cyberiumx.com/write-ups/portswigger-password-reset-poisoning-via-middleware/
CyberiumX
Password Reset Poisoning Via Middleware | CyberiumX
This lab focuses on the identification and exploitation of an HTTP Host header vulnerability. We will understand this vulnerability and then see how we can perform password reset poisoning via middleware.
CyberiumX Writeups
https://cyberiumx.com/write-ups/exploiting-an-api-endpoint-using-documentation/
CyberiumX
Exploiting An API Endpoint Using Documentation | CyberiumX
To solve the lab, we must identify the exposed API documentation and delete a user from the application. We will require Burp Suite Community Edition to solve the lab.
CyberiumX Writeups
https://cyberiumx.com/write-ups/finding-and-exploiting-an-unused-api-endpoint/
CyberiumX
Finding and exploiting an unused API endpoint | CyberiumX
In this blog, we will walk through the complete process, which starts with identifying API endpoints, supported HTTP methods, and content types.