Most Recent Posts
Docker Escapes - 18 September 2026
2025
October 2025
Zipslip - 2 October 2025
XML External Entity (OSWE) - 2 October 2025
WPS Network Attacks (Used with WPA + WPA2) - 2 October 2025
WordPress Testing - 2 October 2025
WordPress CVEs - 2 October 2025
Wireshark - 2 October 2025
Wireless Penetration Testing - 2 October 2025
Wireless Penetration Testing (OSWP) Exam Notes - 2 October 2025
Wireless Networks - 2 October 2025
Wireless Honeypot Project Ideas - 2 October 2025
Windows - 2 October 2025
Windows RPC Vulnerability - 2 October 2025
Windows Privilege Escalation - 2 October 2025
Windows Internals - 2 October 2025
White Box Pentest Guide - 2 October 2025
WebView Attacks - 2 October 2025
Websocket - 2 October 2025
Websocket RCE (Authenticated) - 2 October 2025
Webpacks - 2 October 2025
Web Sockets - 2 October 2025
Web Resources - 2 October 2025
Web Cache Poisoning - 2 October 2025
Web Assembly - 2 October 2025
Web Application Penetration Testing - 2 October 2025
Web Application Firewall Presentation - 2 October 2025
WAF Bypass - 2 October 2025
VNC Testing - 2 October 2025
VMWare Esxi - 2 October 2025
Virtual Routers, VPF and VLAN - 2 October 2025
Virtual private network - 2 October 2025
Vim - 2 October 2025
Version Control - 2 October 2025
Verb Tampering - 2 October 2025
Useful Links - 2 October 2025
Use stdout=-1 to dump all contents to response - 2 October 2025
Universal XSS - 2 October 2025
Understanding Java Gadgets - 2 October 2025
Under The Door - 2 October 2025
TypeScript - 2 October 2025
Type Juggling - 2 October 2025
t=resetToken&p=CRX&s=Standard&id=guest&password1=password&password2=password - 2 October 2025
Transport Layer Security (TLS) protocol - 2 October 2025
Tools and Methodologies - 2 October 2025
To Do List - 2 October 2025
Theory - 2 October 2025
The complete list of all coding vulnerabilities - 2 October 2025
Testing Requirements - 2 October 2025
Testing Pre-installed Apps - 2 October 2025
Test - 2 October 2025
Template Injection (To escalate Prototype Pollution) - 2 October 2025
Techniques for Bypassing Request to Exit (REX) Doors - 2 October 2025
Task Hijacking Attacks - 2 October 2025
System - 2 October 2025
System Design - 2 October 2025
Summary - 2 October 2025
Subprocess (For Python 3) - 2 October 2025
Subdomain Takeover - 2 October 2025
SSM - 2 October 2025
SSH - 2 October 2025
SQL Injection - 2 October 2025
SQL Injection Techniques - 2 October 2025
Sqeakr - 2 October 2025
Spring4Shell - 2 October 2025
Spring - 2 October 2025
Some PHP Insecurity Challenges - 2 October 2025
Solidity - 2 October 2025
SMB - 2 October 2025
Slide 1: Introduction - 2 October 2025
Setting up SSH Keys - 2 October 2025
Setting Up Captive Portal on EC2 - 2 October 2025
ServiceNow - 2 October 2025
Server-Side Template Injection (SSTI) - 2 October 2025
Server-Side Request Forgery (SSRF) - 2 October 2025
Server-side Prototype Pollution - 2 October 2025
Semgrep - 2 October 2025
Security Breach - 2 October 2025
Scoping Requirements - 2 October 2025
Saml Misconfiguration - 2 October 2025
SameSite Attributes - 2 October 2025
Same Origin Policy Bypass - 2 October 2025
Same Origin Policy Basics - 2 October 2025
Salesforce Testing - 2 October 2025
Salesforce Marketing Cloud (SFMC) - 2 October 2025
Ruby on Rails Code Review - 2 October 2025
Ruby ERB SSTI - 2 October 2025
Rogue AP Setup README - 2 October 2025
Reverse Shell Cheat Sheet - 2 October 2025
Reverse Engineering - 2 October 2025
Resources - 2 October 2025
Report - 2 October 2025
Remove probe requests and responses (Management frames) - 2 October 2025
Regex - 2 October 2025
Red Team - 2 October 2025
Readme - 2 October 2025
React Native Mobile Applications - 2 October 2025
Raspberry Pi - 2 October 2025
Python Scripting - 2 October 2025
Python (Remote + Vscode) - 2 October 2025
Python Code Review - 2 October 2025
ProxyMan - 2 October 2025
Prototype Pollution - 2 October 2025
Prototype Pollution Presentation - 2 October 2025
Prototype Pollution Cheat Sheet - 2 October 2025
Prompts - 2 October 2025
Presentation - 2 October 2025
Presentation - Introduction to Browser Exploitation (Memory Exploitation) - 2 October 2025
Prep Links - 2 October 2025
Powershell - 2 October 2025
Postgres RCE - 2 October 2025
Postfix Logging - 2 October 2025
Post Exploitation - 2 October 2025
Pivoting - 2 October 2025
PHP WordPress Remote Debugging - 2 October 2025
PHP Type Juggling - 2 October 2025
PHP Remote Debugging - 2 October 2025
PHP Code Review Basics - 2 October 2025
Phishing - 2 October 2025
Persistent Payloads in PNG file upload - PHP - 2 October 2025
PDF Pentesting - 2 October 2025
Password Reset Authentication Bypass in Java (OSWE) - 2 October 2025
Password Databases (for bruteforce) - 2 October 2025
Password Cracking - 2 October 2025
Padlock Bypass Using Aluminum Can - 2 October 2025
Padding Oracle Attack - 2 October 2025
Over The Door - 2 October 2025
*OSX Penetration Testing - 2 October 2025
OSWE Bible - 2 October 2025
openITCOCKPIT XSS and OS Command Injection - Blackbox - 2 October 2025
openITCOCKPIT (Black Box Testing) - 2 October 2025
O365 - 2 October 2025
NPM issues - 2 October 2025
now we update the sqli - 2 October 2025
Notes - 2 October 2025
Nodejs (Remote + Vscode) - 2 October 2025
NodeJS Remote Debugging - 2 October 2025
Networking Commands - 2 October 2025
Network Infrastructure Penetration Testing - 2 October 2025
.NET Application Code Review (C#) - 2 October 2025
Neo4J --> Neo for Java - 2 October 2025
MySQL Logging - 2 October 2025
MYSQL Injection - 2 October 2025
Mvc + Http Routing - 2 October 2025
Multi-Factor Authentication - 2 October 2025
Modify 'g' value until substring starts with '0e - 2 October 2025
MobSF Automated Dynamic and Static Analysis - 2 October 2025
Miscellaneous Tools - 2 October 2025
Miscellaneous Tools for Python - 2 October 2025
Microservices - 2 October 2025
Microservices SSRF (Code Review of url-to-pdf-api) - 2 October 2025
Mastering AWS Cloudformation - 2 October 2025
MariaDB Logging - 2 October 2025
Malware Development - 2 October 2025
Malware Analysis - 2 October 2025
Magnetic Lock Systems - 2 October 2025
Mach Kernel - 2 October 2025
Lua Shellcode - 2 October 2025
Local Privilege Escalation - 2 October 2025
Local File Inclusion - 2 October 2025
Load balancer - 2 October 2025
Listo - 2 October 2025
Linux - 2 October 2025
LDAP Injection - 2 October 2025
Latch Slipping - 2 October 2025
Kubernetes - 2 October 2025
Kiosk Breakout - 2 October 2025
Kernel Exploitation - 2 October 2025
JSON Web Tokens - 2 October 2025
Javascript Code Review - 2 October 2025
Java - 2 October 2025
Java Web Application Code Review - 2 October 2025
Java Remote Debugging - 2 October 2025
Java Code Review - 2 October 2025
Intrusion detection system (IDS) - 2 October 2025
Internet Protocol security (IPsec) - 2 October 2025
Interactive Shell Upgrade - 2 October 2025
Intent Redirection - 2 October 2025
Insecure PHP Deserialization - 2 October 2025
Infrastructure as Code (IaC) Penetration Testing - 2 October 2025
Ieee 802.11 Standard - 2 October 2025
HTTP/2 Desync - 2 October 2025
HTTP Request Smuggling Attack - 2 October 2025
HTTP Parameter Pollution - 2 October 2025
HSQLDB - 2 October 2025
How does a CPU work? - 2 October 2025
Hinge Removal - 2 October 2025
Hardware - 2 October 2025
GraphQL - 2 October 2025
Golang Code Review - 2 October 2025
Github - 2 October 2025
General - 2 October 2025
Game Hacking - 2 October 2025
Fuzzing - 2 October 2025
Full Disclosure - 2 October 2025
Frida - 2 October 2025
Frames and Network Interaction - 2 October 2025
Forensics Testing - 2 October 2025
Follina Msdt - 2 October 2025
Firewall - 2 October 2025
Firebase - 2 October 2025
Find All Books - 2 October 2025
File Upload - 2 October 2025
File Transfer - 2 October 2025
Extra Mile - 2 October 2025
External Recon - 2 October 2025
External Infrastructure - 2 October 2025
Exploiting Permissive Cors Headers - 2 October 2025
Exploitation (Java) - 2 October 2025
Exam Revision - 2 October 2025
Enumerating Client Side JavaScript in Web Application Tests - 2 October 2025
Encryption - 2 October 2025
Encoding - 2 October 2025
Enable and disable monitor mode on wireless devices - 2 October 2025
ELK Stack - 2 October 2025
EDR Bypass - 2 October 2025
Dynamic Host Configuration Protocol - 2 October 2025
Dylib Injection - 2 October 2025
Driver Installation - 2 October 2025
Domain Fronting - 2 October 2025
DOM-based XSS (Client-side JavaScript Code Review) - 2 October 2025
Docker - 2 October 2025
DocEdit - 2 October 2025
Dns - 2 October 2025
DLL Hijacking - 2 October 2025
Directory Traversal - 2 October 2025
Directory Brute-forcing - 2 October 2025
Deserialization Basics - 2 October 2025
Dependency Chain Attacks - 2 October 2025
Denial of Service - 2 October 2025
Defeat the Pug! - 2 October 2025
Deep Link Exploitation - 2 October 2025
Debugging - 2 October 2025
Debugging Techniques - 2 October 2025
Data Wrangling - 2 October 2025
Data Mangling - 2 October 2025
CTF Challenges - 2 October 2025
Cryptography - 2 October 2025
Cross-site Scripting - 2 October 2025
Cross Origin Resource Sharing (CORS) - 2 October 2025
CRLF Injection - 2 October 2025
Credentials and Wordlists - 2 October 2025
Courses and Materials - 2 October 2025
Content Security Policy - 2 October 2025
Conferences and Education - 2 October 2025
Computing and Networking Theory - 2 October 2025
Comprehensive Physical Security Audit Checklist - 2 October 2025
Comprehensive Guide to Active Directory (AD) - 2 October 2025
Common ports to scan - 2 October 2025
Command Injection - 2 October 2025
Coding Standards - 2 October 2025
Code Snippets - 2 October 2025
Code Review Basics and Commands - 2 October 2025
Cloudformation - 2 October 2025
Cloudformation Powerpoint - 2 October 2025
Cloud Penetration Testing - 2 October 2025
Client-side Prototype Pollution - 2 October 2025
Client Side PHP - 2 October 2025
CICD Testing - 2 October 2025
Chinese Resources - 2 October 2025
Chatgpt Jailbreak - 2 October 2025
Challenge Link. - 2 October 2025
CDN - Content Delivery Network - 2 October 2025
C Code Review - 2 October 2025
Bypassing EDR - 2 October 2025
Bypass - 2 October 2025
Bug Bounty - 2 October 2025
Browser Exploits - 2 October 2025
Blockchain and Smart Contracts - 2 October 2025
Beside The Door - 2 October 2025
Bash Scripting - 2 October 2025
AWS Services Explained - 2 October 2025
AWS Notes - 2 October 2025
AWS Certified Solutions Architect - 2 October 2025
AWS Certified Cloud Practitioner - 2 October 2025
Availability Zones + Regions - 2 October 2025
Authentication - 2 October 2025
Authenticated (Administrator) SQL Injection in Better Search Replace Plugin <=1.4 - 2 October 2025
AST (Abstract Syntax Tree) Injection - 2 October 2025
API Penetration Testing - 2 October 2025
Apache PHP Logging - 2 October 2025
Answers - 2 October 2025
Android - 2 October 2025
Android Presentation (Credits to Luke Symons) - 2 October 2025
Active Directory Basic Commands - 2 October 2025
Active Directory Attack Methodology - 2 October 2025
Active Directory (AD) - 2 October 2025
9.6.2 - 2 October 2025
9.5.3 - 2 October 2025
9.5.2 - 2 October 2025
9. ERPNext Authentication Bypass and Server Side Template Injection - 2 October 2025
802.11 Options - 2 October 2025
8. DotNetNuke Cookie Deserialization RCE - 2 October 2025
7.5 - 2 October 2025
6.8.2 (Incomplete) - 2 October 2025
6.5.1 (Incomplete) - 2 October 2025
4.9.4 - 2 October 2025
4. ATutor Authentication Bypass and RCE - 2 October 2025
3. Ssl Pinning - 2 October 2025
14.5.2 - 2 October 2025
14.5.1 - 2 October 2025
14.4.2 - 2 October 2025
14.2.3 (P) - 2 October 2025
13.7.1 - 2 October 2025
13.6.2 - 2 October 2025
13.6.1 - 2 October 2025
13.4.5 (Incomplete) - 2 October 2025
13.4.2 - 2 October 2025
13.3.2 - 2 October 2025
13. Server Side Request Forgery - 2 October 2025
12.3 (P) - 2 October 2025
12.2.5 - 2 October 2025
12. Concord Authentication Bypass to RCE - 2 October 2025
11.7.6 (Incomplete) - 2 October 2025
11.6.5 (Incomplete) - 2 October 2025
11.6.4 (Incomplete) - 2 October 2025
11.6.2 - 2 October 2025
10.3.5 - 2 October 2025
10.2.4 - 2 October 2025
10. OpenCRX Authentication Bypass and Remote Code Execution - 2 October 2025
None - 2 October 2025
None - 2 October 2025
September 2025
CTF Notes and Payloads - 22 September 2025
LLM Driving 0Day Research - 18 September 2025
Kubernetes (K8) Research - 16 September 2025
Github Actions - 16 September 2025
2022
September 2022
Sap Icmad Cve 2022 22536 - 29 September 2022
2021
September 2021
Office RCE Exploit: CVE-2021-40444 - 20 September 2021