Published in System Weakness
What We Learned From Salt Typhoon Telecom’s Operation
Recently CrowdStrike released a report about a big operation by a Chinese threat actor against telecom companies. But this operation wasn’t…
Dec 13, 2024

Published in InfoSec Write-ups
5 Ways I Got RCE’s In the Wild
For offensive security professionals, finding RCE vulnerabilities is usually a crown jewel for many black-box and white-box projects. These…
Dec 7, 2024

Published in InfoSec Write-ups
From File Upload To LFI: A Journey To Exploitation
Recently I had a client that asked for a black-box pentest for a new web app that the company was about to release. The objective of this…
Dec 2, 2024

5 Side Hustles For Ethical Hackers
As the offensive cyber roles (pentesters, red teamers, security researchers and more) are considered to be well-paid jobs, ethical hackers…
Nov 30, 2024

BlackhatOps #1: A Syndicate Of Hackers
Disclaimer: BlackhatOps is an educational hacking series that builds a special plot for various cyber attacks in order to make an…
Aug 16, 2024

SQLi, SSRF And Code Secrets — All In One
In this engagement, we’ll talk about a little bit of recon, some code review and a creative way to exploit secrets and vulnerabilities that…
Jun 1, 2024

Published in InfoSec Write-ups
Real World GitLab Account Take Over
New target, this time it’s a company that provides VoIP solutions. The target has some serious clients like government organizations, banks…
May 3, 2024

How A Blackbox Target Turned To Whitebox With Recon
I was invited to a private bug bounty program of a tech company, one of the biggest tech companies in its country. The scope was pretty…
Apr 27, 2024

Published in InfoSec Write-ups
5 Methods I Use To Discover APIs
While working on a target, one of the most interesting parts to test is its API. APIs are dynamic, they get updated more often than…
Apr 12, 2024

5 Advanced Ways I Test For File Upload Vulnerabilities
As red teamers, pentesters and bug hunters — we all love to see file upload functionalities in our targets. There are many things that can…
Mar 22, 2024