Ashlyn L
Intruder + Frida to Account Takeover
3 months ago, I found an account takeover vulnerability that needed the help of Frida to complete the attack. Remember my debut blog was on…
Jul 13

Ashlyn L
Uncovering Vulnerabilities: 4-Step Simple Guide to Debug Javascript
In penetration testing, how far will we go when it comes to the JS code used by the application? In most cases, the checks will primarily…
Jan 30

Ashlyn L
Gaining Admin Access via GraphQL
This is a simple story about chaining 2 vulnerabilities to gain access to an administrative website. I’m going to share the thought process…
Oct 2, 2023

Ashlyn L
Privilege Escalation — Playing with the various stages of a session state
A few months ago I came across an interesting find on a self-registration application in a Blackbox testing approach. As always, I will…
Aug 6, 2023

Ashlyn L in System Weakness
Getting Secret Key to Building Custom Burp Extension
Oops, can we just wrap up the testing and proceed to report writing? 🤭 NO!!!
Dec 29, 2022

Ashlyn L
2FA Bypass Do Re Mi
Not all 2FA bypass techniques are made equal, the most common scenarios I came across are either one of the following:
Aug 16, 2022

Ashlyn L
Frida Hooking Native Functions
Are you ready for Part 3?! This is the continuation from my previous post of Frida Hooking Journey Part 1&2.
Aug 2, 2022

Ashlyn L
How I Create Message Signature using Frida Hooking?
Journey to greatness is often lonely and everything worthwhile is uphill, when looking down from a certain mountain peak, you will forget…
Jun 12, 2022

Ashlyn L in Numen Cyber Labs
Frida Hooking Journey Part 2
“Keep working hard, persevere to dive deeper until you know what you don’t know….” — Rock K
Apr 27, 2022

Ashlyn L in Numen Cyber Labs
Frida Hooking Journey Part 1
“If I have seen further, it is by standing on the shoulders of giants.” - Sir Isaac Newton
Apr 4, 2022