Pinned | Shivam Bathla in Pentester Academy Blog | IaC (Terraform) for Pentesters | Infrastructure as Code (IaC) is an amazing tool for anyone managing infra. But like any other system, it can be attacked. | Jun 27, 2022
Pinned | Shivam Bathla in Pentester Academy Blog | XSLT Injections for Dummies | Discussing this often-overlooked class of vulnerabilities and possible attack surfaces. | May 17, 2022
Shivam Bathla | PWSA: NoSQL injection to data exfiltration | Let’s discuss how we can leverage NoSQL injections to exfiltrate data and automate the process, with PortSwigger Web Security Academy! | Mar 11
Shivam Bathla | PWSA: NoSQL injection to auth bypass | Let’s discuss how we can leverage NoSQL injections to bypass authentication, with PortSwigger Web Security Academy labs! | Mar 10
Shivam Bathla | PWSA: Detecting NoSQL injection | Let’s learn how to detect NoSQL in PortSwigger Web Security Academy lab! | Mar 10
Shivam Bathla | My OSCP Exam Day | An account of those 48 hours — the day when my preparation was tested! | Jan 13
Shivam Bathla in Pentester Academy Blog | From Zip Slip to System Takeover | How unzipping malicious archives can lead to Path Traversal and Symlink file overwrite attacks | Jun 1, 2022
Shivam Bathla in Pentester Academy Blog | Supply Chain Attacks: Case Studies | Let’s take a look at a few case studies on different Supply Chain Attacks. | Apr 6, 2022
Shivam Bathla in Pentester Academy Blog | Supply Chain Attacks: A ripe area for research | Let’s discuss Supply Chain Attacks and why it’s a great research area in recent times. | Mar 23, 2022
Shivam Bathla | A10:2021-Server-Side Request Forgery | Let’s discuss the #10 vulnerability in the OWASP Top 10 2021 list… | Sep 21, 2021