In this blog, I am gonna share about a bug that I came across while performing VAPT for a private project.
 This is a CMS website that I…

Hi Everyone,

NOTE: The original work is attributed to NETENRICH Corporation. Here, you can find the official version. This article is not an in-depth…

Depending on how secure a remote server is, some of the simplest attacks could give you access, like a buffer overflow. Continued…

$Whoami

This lab’s two-factor authentication can be bypassed. To solve the lab, access Carlos’s account page | Karthikeyan Nagaraj

Exploring Google Dorking Queries to Enhance API Security 🔒

In the realm of ethical hacking, reconnaissance, often referred to as the “information gathering” phase, is the crucial first step. To…

Bug Bounty POC Preparation Guide For XSS Vulnerability

Self-learning big bounty

Welcome back to the 2nd story in the “Threat Modeling Handbook” series. In the last story, we discussed what is a threat model and why it…

Unveiling the Threat of IDOR Vulnerabilities By Hacking a Fintech Provider Ethically

PDFs have become an essential part of our digital world, facilitating seamless document sharing across platforms. However, with the rise of…

Hi! Today I’m working on the machine DC-4 from Proving Grounds Play / VulnHub. This is writeup 63 out of 100 as I prepare for OSCP. This…

Achieving the status of an ethical hacker without a degree may appear overwhelming. However, it is entirely feasible by adopting the…

In today’s rapidly evolving technological landscape, the emergence of sophisticated cyber threats and attacks has brought to the forefront…

InfoSecSherpa: Your Guide Up a Mountain of Information!

Users noticed a significant omission after Meta released the Threads app: a web version. Did Meta release a web version in response to the…

Ключові моменти:

Introduction