Pinned · Shivam Bathla in Pentester Academy Blog · IaC (Terraform) for Pentesters · Infrastructure as Code (IaC) is an amazing tool for anyone managing infra. But like any other system, it can be attacked. · 6 min read · Jun 27, 2022
Pinned · Shivam Bathla in Pentester Academy Blog · XSLT Injections for Dummies · Discussing this often-overlooked class of vulnerabilities and possible attack surfaces. · 6 min read · May 17, 2022
Shivam Bathla · PWSA: NoSQL injection to data exfiltration · Let’s discuss how we can leverage NoSQL injections to exfiltrate data and automate the process, with PortSwigger Web Security Academy! · 8 min read · Mar 11, 2024
Shivam Bathla · PWSA: NoSQL injection to auth bypass · Let’s discuss how we can leverage NoSQL injections to bypass authentication, with PortSwigger Web Security Academy labs! · 4 min read · Mar 10, 2024
Shivam Bathla · PWSA: Detecting NoSQL injection · Let’s learn how to detect NoSQL in a PortSwigger Web Security Academy lab! · 3 min read · Mar 10, 2024
Shivam Bathla · My OSCP Exam Day · An account of those 48 hours — the day when my preparation was tested! · 8 min read · Jan 13, 2024
Shivam Bathla in Pentester Academy Blog · From Zip Slip to System Takeover · How unzipping malicious archives can lead to Path Traversal and Symlink file overwrite attacks · 5 min read · Jun 1, 2022
Shivam Bathla in Pentester Academy Blog · Supply Chain Attacks: Case Studies · Let’s take a look at a few case studies on different Supply Chain Attacks. · 5 min read · Apr 6, 2022
Shivam Bathla in Pentester Academy Blog · Supply Chain Attacks: A ripe area for research · Let’s discuss Supply Chain Attacks and why they are a great research area in recent times. · 8 min read · Mar 23, 2022
Shivam Bathla · A10:2021-Server-Side Request Forgery · Let’s discuss the #10 vulnerability in the OWASP Top 10 2021 list… · 2 min read · Sep 21, 2021