Microsoft DREAD Framework Explained | Threat Modeling | TryHackMe
We covered the Microsoft DREAD risk assessment Framework. DREAD is used widely to assess risks and threats…
CyberSecurity Articles
SQL Injection | Bypassing Double Quotes | OverTheWire Natas Level 14
We covered a scenario of a login form vulnerable to SQL injection vulnerability. The source code allowed…
The MITRE ATT&CK Framework Explained | Threat Intelligence and Modeling | Part 1
We have explained the process of threat modeling and the related steps including scope definition, asset identification,…
Buffer Overflow Exploitation with Radare2 | P21 | HackTheBox Reg
We covered another example of a vulnerable binary to buffer overflow vulnerability. The binary has NX enabled…
Log File Poisoning and Windows Privilege Escalation | HackTheBox Bart
We covered Log File Poisoning and Windows Privilege Escalation by exploiting the auto-logon in Windows which saves…
Internet of Things Devices | Remote Command Execution | TryHackMe Bugged
We covered working with internet of things devices, went over the MQTT protocol, demonstrated the publisher/subscriber model…
Windows Active Directory Penetration Testing | P26 | HackTheBox Reel
We covered HackTheBox Reel machine which is part of pwn with Metasploit track. We demonstrated CVE-2017-0199 that…
Common Linux Persistence Techniques | TryHackMe Tardigrade
We covered three of the most common Linux persistence techniques such as writing commands in .bashrc file,…
Command Injection & SQL Injection | HackTheBox Looking glass & Sanitize | OWASP TOP 10
We covered Command Injection & SQL Injection which are in the OWASP TOP 10 list of vulnerabilities….
Broken Authentication | HTB OWASP TOP 10 – P2
We covered broken authentication, session hijacking and information disclosure as part of HTB OWASP TOP 10 track…
XML External Entity Injection | HackTheBox baby WAFfles order
We covered a simple demonstration of XML External Entity Injection vulnerability which is part of OWASP Top…
Fuzzing Web Applications with Wfuzz | HackTheBox baby todo or not todo
We covered Fuzzing Web Applications with Wfuzz specifically fuzzing API endpoints. This was part of HackTheBox OWASP…
Python Pickle Exploitation | HackTheBox OWASP Top 10 Baby Website Rick
We covered python pickle where we demonstrated the serialization and deserialization of python pickle objects. This was…
PHP Static-Eval Exploitation | HackTheBox Baby Breaking Grad
We covered basic white box penetration test by inspecting, analyzing and exploiting a web application source code…
Microsoft Exchange CVE-2021-34473 Exploit | TryHackMe LookBack
We covered a scenario where we performed a vulnerability scanning with Nikto on a vulnerable windows machine…
Microsoft Outlook NTLM Vulnerability | CVE-2023-23397 Demo
We covered the recent Microsoft Outlook NTLM Vulnerability CVE-2023-23397 that could lead to NTLM hash leak if…
Python Eval Function Exploitation | TryHackMe Devie
We covered a scenario that demonstrates python exploitation through Eval function. Additionally we covered an example of…
XML External Entity Injection Demonstration | HTB BountyHunter | CREST CRT Track
We covered a demo of XML External Entity Injection along with privilege escalation through exploiting Python eval…
Windows Privilege Escalation with PowerUp | HackTheBox Remote | CREST CRT Track
We covered HackTheBox Remote machine as part of CREST CRT (Registered Penetration Tester) Track. We demonstrated Umbraco…
Docker Privilege Escalation and SSTI Exploitation | HackTheBox GoodGames
We covered HackTheBox GoodGames as part of CREST CRT track. We went over SQL Injection, server side…