Chux: SQLi, SSRF And Code Secrets — All In One
In this engagement, we'll talk about a little bit of recon, some code review and a creative way to exploit secrets and vulnerabilities that…
9 min read · Jun 1, 2024

Chux: Real World GitLab Account Take Over
New target, this time it's a company that provides VoIP solutions. The target has some serious clients like government organizations, banks…
5 min read · May 3, 2024

Chux: How A Blackbox Target Turned To Whitebox With Recon
I was invited to a private bug bounty program of a tech company, one of the biggest tech companies in its country. The scope was pretty…
9 min read · Apr 27, 2024

Chux: 5 Methods I Use To Discover APIs
While working on a target, one of the most interesting parts to test is its API. APIs are dynamic; they get updated more often than other…
12 min read · Apr 12, 2024

Chux: 5 Advanced Ways I Test For File Upload Vulnerabilities
As red teamers, pentesters and bug hunters, we all love to see file upload functionalities in our targets. There are many things that can…
7 min read · Mar 22, 2024

Chux: Credential stuffing like an APT: 10 secrets for credentials harvesting
Lately we have heard about many security breaches at some of the big brands out there; some of them, like Microsoft, were breached as a…
11 min read · Mar 16, 2024

Chux: From S3 bucket to internal network operation
We are all familiar with AWS's S3 buckets, which became popular because of their different use cases. From hosting static files (Javascript…
4 min read · Mar 8, 2024

Chux: Spotting the (Helix) Kitten
Executive Summary: In this article, we will go through seven of the most recent (published) attacks of the threat actor known as APT34 (AKA…
12 min read · Sep 27, 2022