It’s been a long time since my last blog post, as I was preparing for my OSCP. Well, I’m glad to inform you all that I’m now an Offensive Security Certified Professional.

Techincal walkthrough

Countless companies are still vulnerable.

Parsing HTML at the command line. Contribute to ericchiang/pup development by creating an account on GitHub.

In September 2019, JPCERT/CC published a security alert regarding vulnerabilities in multiple SSL-VPN products. Among the vulnerabilities pointed out in the alert, JPCERT/CC has been notified of cases leveraging CVE-2019-11510 and CVE-2019-11539 in Pulse…

Security Assertion Markup Language (SAML) is an open XML-based standard for exchanging authentication and authorization data between…

Maybe you know about Same Origin Policy or not,  Mozilla describes it as: “The same-origin policy is a critical security mechanism that…

This experimetal fuzzer is meant to be used for API in-memory fuzzing. - andreafioraldi/frida-fuzzer

This adds an OSX priv esc against 2 versions of VMWare Fusion. The binary is still available, but let me know if you need it in case it gets removed. Gives an euid=0.
Of note, i'm not fam...

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet - OlivierLaflamme/Cheatsheet-God

SANS Penetration Testing blog pertaining to SQLMAP Tamper Scripts for The Win

Use and load all tamper scripts to evade filters and WAF :

The first in a series of three posts about a methodology for hunting bugs in SAML. This post covers background information about SAML, laying the groundwork to understand SAML vulnerabilities and attacks.

Mailbox auto-reply settings are usually created and defined by the users himself. If you want to get an overview of the auto-reply settings of your organization you have to ask every user: “D…

Scan Victim Backup Directories & Backup Files. Contribute to tismayil/ohmybackup development by creating an account on GitHub.

Share your videos with friends, family, and the world

Asus AsIO2 Local Privilege Escalation exploit (based on ReWolf's MSI exploit) - trou/asus-asio2-lpe-exploit

History In the recent year, major tech giants, like Google, Facebook, Magento, Shopify, Uber, Twitter, and Microsoft, have undergone XML …