SheHacksKE Intervasity CTF 2023 Writeup
SheHacksKE Intervasity CTF 2023 Web Writeups
On Friday the 22nd of September 2023 I had an opportunity to take part in the annual Intervasity CTF from SheHacksKE with some friends from fr334aks under the alias “Seekers”, which was partly online and partly onsite at USIU Africa.
We ended up winning 🥇, beating at least 80 other teams that had atl...
Daily RoundUP
Daily RoundUP
I will be sharing all the handy links that I come across on a daily basis (I hope) within the week, sorted by category.
20th Sep 2023
CTF
web ctf challs
Bug Bounty
Live recon with Tomnomnom
27th October 2023
Jsonp attacks
Learn365 by Harshbothra
Context Aware Content Discovery
...
XSS Automation with Paramspider and kxss
Introduction
In this post we will cover the basics of XSS automation using Paramspider and kxss, as applied in pentesting and bug bounties.
Prerequisites
Paramspider
kxss
What is XSS
XSS (Cross-Site Scripting) is a type of security vulnerability that can be found in web
applications. It allows an attacker to inject...
Quick FTWs
For the Wins (FTW)
Below is a compilation of one-liners and other tricks to solve common issues that I come across.
Installing Python2.7 on Kali Linux
sudo apt install python2.7 python2.7-dev -y && curl -O https://bootstrap.pypa.io/pip/2.7/get-pip.py && sudo python2.7 get-pip.py
Fixing the invalid “egg_info” command
...
Prototype Pollution
Prototype Pollutions
1. What is prototype pollution?
2. How does prototype pollution occur?
3. Examples of prototype pollution vulnerabilities
4. How to prevent prototype pollution
5. Conclusion
1. What is prototype pollution?
To understand prototype pollution we may start by defining prototypes in JavaScript.
According to the MDN docs,
“Proto...
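The points the post outlines (how pollution occurs, what it looks like, and how to prevent it) are easiest to see side by side. The following is an added example, not code from the original post: a recursive merge that copies a `__proto__` key straight through to `Object.prototype`, beside a hardened merge that refuses the dangerous keys. The JSON payload and the `demo` helper are constructed for illustration.

```javascript
// Added example: prototype pollution through a naive recursive merge,
// and a hardened merge that blocks it. Not from the original post.

// Vulnerable: iterates every key of `source`, including "__proto__".
// JSON.parse('{"__proto__": {...}}') yields an own, enumerable property
// named "__proto__", and target["__proto__"] resolves to Object.prototype,
// so the recursion writes the attacker's keys onto the global prototype.
function unsafeMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (typeof target[key] !== 'object' || target[key] === null) {
        target[key] = {};
      }
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Keys that let a payload reach a prototype chain instead of the target object.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened: skips the blocked keys, only walks own properties, and only
// recurses into nested objects that the target itself owns, never into
// anything inherited from a prototype.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    const isPlainObject =
      value !== null && typeof value === 'object' && !Array.isArray(value);
    if (isPlainObject) {
      const ownNested =
        Object.prototype.hasOwnProperty.call(target, key) &&
        target[key] !== null &&
        typeof target[key] === 'object';
      if (!ownNested) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker input, e.g. a JSON body sent to an endpoint that
// merges user-supplied settings into a config object.
const PAYLOAD = '{"name":"guest","__proto__":{"isAdmin":true}}';

// Runs one merge implementation against the payload and reports whether a
// fresh, unrelated object picked up the injected property. Cleans up
// Object.prototype afterwards so repeated calls start from a clean state.
function demo(mergeFn) {
  const config = mergeFn({}, JSON.parse(PAYLOAD));
  const polluted = ({}).isAdmin === true;
  const configHasAdmin = config.isAdmin === true;
  delete Object.prototype.isAdmin;
  return { name: config.name, polluted, configHasAdmin };
}

console.log('unsafeMerge:', demo(unsafeMerge)); // polluted: true
console.log('safeMerge:  ', demo(safeMerge));   // polluted: false
// Legitimate nested merges still work with the hardened version.
console.log(safeMerge({ a: { b: 1 } }, { a: { c: 2 } })); // { a: { b: 1, c: 2 } }
```

Note that the hardened version also rejects `constructor` and `prototype`, since `target.constructor.prototype` is another route to the same object; blocking only `__proto__` is a common incomplete fix.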
Dangerous PHP functions
Dangerous PHP Functions
Command Execution
exec - Runs a command and returns the last line of its output (the full output is available via the optional array argument)
passthru - Passes the command's raw output directly to the browser
system - Passes the command's output directly to the browser and returns its last line
shell_exec - Returns the command's full output as a string
`` (backticks) - Same as shell_exec()
popen - O...
WebApp Security
WebApp Security
I will be using the checklist below to mark topics as already covered or not yet covered:
for complete tasks
for incomplete tasks
Web Security Topics for selfstudy:
SQL Injection Attack
Hibernate Query Language Injection
Direct OS Code Injection
XML Entity Injection
Brok...
CyberTalents Forensics Eagle Eye Writeup
Eagle Eye
Eagle Eye is a memory forensics challenge rated between hard and insane;
as of writing this writeup the challenge has 15 solves in 4 months.
TL;DR
Windows memory forensics using Volatility 2
using the mftdump vol2 plugin
Challenge Description
When you deal with an attacker, don’t always trust what you see.
S...