[Pinned] Varsha Chahal — Demystifying CSRF: Insights, Experiments, and Effective Payloads
CSRF (Cross-Site Request Forgery) is a web security vulnerability in which an attacker forces a victim to perform an unintended action…
May 1

Varsha Chahal — Kali setup on Raspberry Pi: Part 4, SSH Tunneling
When setting up a VNC connection to your server, you will see a message indicating that your connection is unencrypted. This is because VNC…
Jan 25

Varsha Chahal — Kali setup on Raspberry Pi: Part 3, Setup VNC server and client
I have used the x11vnc server and RealVNC viewer client. To install VNC server on Kali run the following command,
Jan 25

Varsha Chahal — Kali setup on Raspberry Pi: Part 2, Setup SSH connection
Now, let’s establish an SSH connection to the Kali box to remotely control and configure it. Recall that we activated SSH on the Raspberry…
Jan 25

Varsha Chahal — Kali setup on Raspberry Pi: Part 1, Install Kali
This article is the first part of the series “Kali setup on Raspberry Pi”.
Jan 25

Varsha Chahal — Working with Macros in Burp Suite
Recently, while testing for Server Side Template Injection on a website, I observed that the payload was reflected on a different web page…
Jan 14

Varsha Chahal — Exfiltrate data out-of-band using a pre-built deserialization gadget chain
After authentication, notice the session cookie. Base64 decoding the cookie reveals that it is a serialized object with fields ‘username’…
Jan 8

Varsha Chahal — Exploiting PHP deserialization with a pre-built gadget chain
What is insecure deserialization? Insecure deserialization occurs when user-controllable data is deserialized by a website. The attacker…
Jan 7