How a Routine Configuration Change Uncovered a Critical Vulnerability in KibanaIt all started with a simple question: What if everyone else missed something big?Mar 13Mar 13
Unleashing Chaos: Exploiting a Fresh Zero-Day in Ivanti Connect Secure VPNOn Wednesday, Jan. 8, 2025, Ivanti disclosed two critical vulnerabilities, CVE-2025–0282 and CVE-2025–0283, impacting their Connect Secure…Jan 15Jan 15
From Discovery to Mastery: The Vulnerability That Ignited My Web Application Security JourneyMy journey into web application security began with curiosity and a desire to dive deep into this intriguing domain. Like many starting…Oct 16, 2024Oct 16, 2024
Breaking Through 2FA: How Attackers Bypass Two-Factor Authentication and Exploit AccountsTo combat password theft and hacking, many applications have implemented two-factor authentication (2FA). This security measure requires…Sep 7, 2024Sep 7, 2024
The Vital Role of GRC and ISO Standards in Nepal’s IT IndustryNepal’s IT industry has witnessed a remarkable transformation over the past decade, evolving from a nascent sector into a dynamic force…Jul 5, 2024Jul 5, 2024
Thomas DEVerson WriteupSo, it’s all about the website which is still up and running 200 years later. Don’t you get it? Had question on your head what am talking…May 28, 2024May 28, 2024
Hacking AWS-Flaws.cloud Walkthrough(Lvl 1–2)Created by Summit Route’s Scott Piper, Flaws.cloud is an interactive application that teaches Amazon Web Services (AWS) security…Apr 2, 2024Apr 2, 2024
Let’s exploit AWSRobust cloud security measures are critical, as more and more businesses shift their operations to Amazon Web Services (AWS). However…Mar 26, 2024Mar 26, 2024
OAuth 2.0 VulnerabiltiesYou have most likely come across websites that allow you to check in using your social media account while exploring the internet. It’s…Mar 19, 2024Mar 19, 2024
Beginner’s guide to GraphQLFacebook introduced GraphQL in 2015, providing a fresh, exciting substitute for the conventional REST API. Since then, GraphQL has been…Mar 12, 2024Mar 12, 2024
Linux Local Privilege Escalation “Dirty Pipe” [CVE-2022–0847]Security researcher Max Kellerman revealed the existence of “Dirty Pipe,” a Linux local privilege escalation vulnerability, along with a…Mar 5, 2024Mar 5, 2024
Beginners Guide To Server Side Request ForgeryHello aspiring Ethical Hackers. In this blogpost, you will learn about Server Side Request Forgery. Server Side Request Forgery (SSRF) is…Feb 27, 2024Feb 27, 2024
Jangow:1.0.1 WalkthroughGetting root access to the target machine is the aim of the capture the flag (CTF) attack. It is said that the key to cracking this CTF is…Feb 20, 20241Feb 20, 20241
DeathNote VulnHub WalkthroughWe will examine Vulnhub: DeathNote today. My intention in sharing this article with you is to help you find your way out of difficulties…Feb 13, 2024Feb 13, 2024
JAuth- picoCTFIt is somewhat irrelevant that the description informs us about certain vulnerabilities that have been exploited in actual businesses. The…Jan 23, 2024Jan 23, 2024
Username enumeration via account lockThis post is a part of my PortSwigger’s Web Security Academy walkthrough series and covers the lab’s username enumeration via account lock.Jan 16, 2024Jan 16, 2024
![Linux Local Privilege Escalation “Dirty Pipe” [CVE-2022–0847]](https://miro.medium.com/v2/resize:fill:80:53/1*cnSNeF4yG0LQo1HxegQmjg.png)
![Linux Local Privilege Escalation “Dirty Pipe” [CVE-2022–0847]](https://miro.medium.com/v2/resize:fill:160:107/1*cnSNeF4yG0LQo1HxegQmjg.png)
