Chux | BlackhatOps #1: A Syndicate Of Hackers | Disclaimer: BlackhatOps is an educational hacking series that builds a special plot for various cyber attacks in order to make an… | Aug 16
Chux | SQLi, SSRF And Code Secrets — All In One | In this engagement, we’ll talk about a little bit of recon, some code review and a creative way to exploit secrets and vulnerabilities that… | Jun 12
Chux in InfoSec Write-ups | Real World GitLab Account Take Over | New target, this time it’s a company that provides VoIP solutions. The target has some serious clients like government organizations, banks… | May 32
Chux | How A Blackbox Target Turned To Whitebox With Recon | I was invited to a private bug bounty program of a tech company, one of the biggest tech companies in its country. The scope was pretty… | Apr 27
Chux in InfoSec Write-ups | 5 Methods I Use To Discover APIs | While working on a target, one of the most interesting parts to test is its API. APIs are dynamic, they get updated more often than… | Apr 123
Chux | 5 Advanced Ways I Test For File Upload Vulnerabilities | As red teamers, pentesters and bug hunters — we all love to see file upload functionalities in our targets. There are many things that can… | Mar 224
Chux | Credential stuffing like an APT: 10 secrets for credentials harvesting | Lately we heard about many different security breaches to some of the big brands out there, some of them like Microsoft were breached as a… | Mar 16
Chux | From S3 bucket to internal network operation | We are all familiar with AWS’s S3 buckets that became popular because of their different use cases. From hosting static files (Javascript… | Mar 84
Chux | Spotting the (Helix) Kitten | Executive Summary: In this article, we will go through seven of the most recent (published) attacks of the threat actor known as APT34 (AKA… | Sep 27, 2022