Recently I had to write a kernel-mode driver. This has made a lot of people very angry and been widely regarded as a bad move. (Douglas…

A review of my bug hunting journey so far, from when I started, to the point where I made it into the Top 200 bug hunters on Bugcrowd after two years.

Summary

This little technique can force your blind XXE to output anything you want!

Hi Guys,

Part-1

This blog post is an introduction to the reverse proxy “Modlishka” tool, that I have just released.
I hope that this software will reinforce the fact that social engineering is a serious threat, and cannot be treated lightly.

Code review is, hopefully, part of regular development practices for any organization. Adding security elements to code review is the most…

Games can be as fun as frustrating, when bugs ruin the fun for half of the player base, and the dev doesn’t care. So, I fixed it myself.

If you haven’t heard, universities around the world are offering their courses online for free (or at least partially free). These courses are collectively called MOOCs or Massive Open Online Courses.

List of Awesome Red Teaming Resources. Contribute to yeyintminthuhtut/Awesome-Red-Teaming development by creating an account on GitHub.

PA Toolkit is a collection of traffic analysis plugins focused on security - pentesteracademy/patoolkit

So I have a free account and until recently I never played around with it much. Mainly because I had originally thought there were some…

Using the browser’s API to fool you into giving up your details.

A Kumu Project.

In recent Pentest we encountered PaloAlto Traps (EDR Solution) was installed on the compromised machine with WildFire module integrated ...

Migrated to new blog

I was recently invited to a cybersecurity event to raise awareness on phishing by simulating targeted campaigns against the CEO attendees. Here's how they fared.