Usually graphql endpoint are located at www.example.com/graphql.

Today, we will discuss an old and well-known attack against Kerberos authentication during an Active Directory pentesting assessment called…

Introduction

This article covers exploiting SQL Injection manually in a Graphql Application.

During my free time, i downloaded a android application from google play store for fun, i have actually known this application for a long…

Have you ever found yourself staring at a Windows network, wondering how to find vulnerabilities and security holes? Don’t worry, CrackMapExec is here to save the day! It’s like having a Swiss Army…

What is a stack?

First of all, This was a private program, so I will refer to it with example.com.
Let me tell you how I found the Reflected XSS…

This blog post was published on PurpleBox website on July 20th, 2022.

ProFTPD (Professional File Transfer Protocol server Daemon) is an open-source software, used for FTP servers on Unix and Unix-like systems…

In part1 of the article, I introduced JSON web tokens that what is JWT and How they are made? I prefer to take a look at that before you go…

DNS Rebinding is a method of bypassing Same Origin Policy by manipulating DNS resolution

domain escalation from a low-privileged user to a domain admin

The Lab Environment

(CSRF + Flash + HTTP 307) = Great for exploitation

Hello hackers,

Introduction:

https://www.mysweet.id/2023/08/users-of-x-must-now-pay-for-tweetdeck.html

Hi fellow hunters, in this write-up, I will explain how I founded SQL Injection Vulnerability and was able to dump data from the US…