Osama AvvanStealing NTLM hashes with PDFIn this write-up, we will discuss how to steal NTLM hashes using a PDF file.Jul 72Jul 72
Osama AvvanAWS Cross Account EnumerationAWS Cross Account Enumeration involves probing and identifying resources within one AWS account from another account without proper…Jun 6Jun 6
Osama AvvanGuide to AWS Penetration TestingCloud security is an ever-evolving domain, and AWS, being a leader in cloud services, is often a target for penetration testers aiming to…Jun 55Jun 55
Osama AvvanAndroid SSL Pinning Bypass (Part 1)Hi Folks, I hope you are all doing well. I will be doing a series of writeups for the SSL Pinning Bypass for Android, we will be starting…May 281May 281
Osama AvvanBreaking Down DOM-based XSS: A Practical ExplorationHi Folks, I hope you are all doing well. This write-up is about DOM XSS and how you can hunt for DOM XSS by simply doing Source Code…May 111May 111
Osama AvvanSocial Media Account TakeoverHi, Today's write-up is about a common security vulnerability that is mostly overlooked by security researchers and the companies…Apr 28, 2023Apr 28, 2023
Osama AvvanUnauthenticated GraphQL Introspection and API callsAssalam u Alikum Everyone, it’s been a while since my last writeup. So here I am with another interesting finding.Feb 26, 20232Feb 26, 20232
Osama AvvanExploiting WebSocket [Application Wide XSS / CSRF]Assalam u Alikum, it’s been a while I haven’t contributed to this wonderful community so I am back with a new write up about WebSocket…Feb 17, 20204Feb 17, 20204
Osama AvvaninInfoSec Write-upsExploiting JSONP and Bypassing Referer CheckHi Folks, hope you are all fine, so this writeup is about exploiting JSONP to extract private data from API endpoints and bypassing the…Sep 7, 20194Sep 7, 20194