TryHackMe IDE
A short write-up of the TryHackMe IDE room
I recently found a critical vulnerability on a private program on HackerOne that allowed me to get their Amazon Web
XXE to AWS metadata disclosure
Heroku subdomain takeovers are possible for herokuapp.com CNAMEs, and can be identified by the ‘No such app’ page: And a
Subdomain Takeovers: Heroku
HackerOne recently held a CTF with the objective to hack a fictitious bounty payout application. While my write-up of this
H1-2006 CTF Write-up
Today I’m going to write how to get the answers to the security answers for the lost password functionality in
OWASP Juice Shop Cracking
The OWASP Juice Shop is a vulnerable web application to train web application hacking on, much like OWASP WebGoat which
OWASP Juice Shop SQLi
The WebGoat XXE (XML External Entity) section has 3 exercises. The first 2 are pretty easy, the last one quite
The OWASP WebGoat SQL Injection Mitigation lesson 8 is another blind SQL exercise, very similar to the SQL advanced lesson
OWASP WebGoat SQLi mitigation lesson 8
Last week I wrote about the OWASP WebGoat XSS lessons. Today I’d like to write a few pointers on how to
OWASP WebGoat SQL advanced lesson 5
I recently installed WebGoat, a deliberately vulnerable web app with built-in lessons. While some of the lessons are very easy, they
OWASP WebGoat XSS lessons
I recently started playing around with the Damn Vulnerable Web Application, a PHP/MySQL web app for security researchers and students.
DVWA login brute-forcer in Python