Pinned | Published in Pentester Academy Blog | IaC (Terraform) for Pentesters | Infrastructure as Code (IaC) is an amazing tool for anyone managing infra. But like any other system, it can be attacked. | Jun 27, 2022
Pinned | Published in Pentester Academy Blog | XSLT Injections for Dummies | Discussing this often-overlooked class of vulnerabilities and possible attack surfaces. | May 17, 2022
PWSA: NoSQL injection to data exfiltration | Let’s discuss how we can leverage NoSQL injections to exfiltrate data and automate the process, with PortSwigger Web Security Academy! | Mar 11, 2024
PWSA: NoSQL injection to auth bypass | Let’s discuss how we can leverage NoSQL injections to bypass authentication, with PortSwigger Web Security Academy labs! | Mar 10, 2024
PWSA: Detecting NoSQL injection | Let’s learn how to detect NoSQL injection in a PortSwigger Web Security Academy lab! | Mar 10, 2024
My OSCP Exam Day | An account of those 48 hours — the day when my preparation was tested! | Jan 13, 2024
Published in Pentester Academy Blog | From Zip Slip to System Takeover | How unzipping malicious archives can lead to Path Traversal and Symlink file overwrite attacks | Jun 1, 2022
Published in Pentester Academy Blog | Supply Chain Attacks: Case Studies | Let’s take a look at a few case studies on different Supply Chain Attacks. | Apr 6, 2022
Published in Pentester Academy Blog | Supply Chain Attacks: A ripe area for research | Let’s discuss Supply Chain Attacks and why they are a great research area in recent times. | Mar 23, 2022
A10:2021-Server-Side Request Forgery | Let’s discuss the #10 vulnerability in the OWASP Top 10 2021 list… | Sep 21, 2021