Responsive image

Advanced JavaScript Injections

Simple JavaScript injections like ‘-alert(1)-’ or even \’-alert(1)// (see cases #6 and #7 here) are usually enough to pop an alert box in a vulnerable page when an input reflection happens inside a script block and no HTML injection is possible (case #5 of same post above).
Tags: sqli,javascript,pentesting

Windows Sandbox

Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation.
Tags: vm,isolation,microsoft,sandbox

Command and Control with WebSockets WSC2

this all started with a conversation I was having with a few other BHIS testers. At the time, I was testing a web application that used WebSockets. The app was giving me headaches, and I was venting my frustration. Penetration testers, red teams, and baddies are always looking for new ways to sneak by defenses.
Tags: security,pentest,c&c,websockets

Exploiting Second Order SQLi Flaws by using Burp & Custom Sqlmap Tamper

Web applications evolved in the last century from simple scripts to single page applications. Such complex web applications are prone to different types of security vulnerabilities. One type of vulnerability, named as secondorder, occurs when an attack payload is first stored by the application on the web server and then later on used in a security-critical operation.
Tags: security,web,pentest,sqli

Reversing ALPC: Where are your windows bugs and sandbox escapes?

The goal of this post is to understand my process for finding bugs (which are generally done through any means necessary), so it’s important to note they aren’t indicative of mastery in any given subject. As always, if you find any errors, or corrections, feel free to contact me. This is a personal hobby of mine and do not profess to being a professional vulnerability researcher.
Tags: windows,alpc,sandbox,exploit

Introduction to Linux interfaces for virtual networking

Linux has rich virtual networking capabilities that are used as basis for hosting VMs and containers, as well as cloud environments. In this post, I will give a brief introduction to all commonly used virtual network interface types.
Tags: linux,network

The Ethernaut is a Web3/Solidity based wargame inspired on, played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be 'hacked'.

The game is 100% open source and all levels are contributions made by other players. Do you have an interesting idea? PRs are welcome at Are you interested in smart contract development or security? Does securing the world’s blockchain infrastructure sound exciting to you? We are hiring!
Tags: security,pentesting,blockchain


This is a honeypot programmed in Micropython for the ESP8266
Tags: honeypot,security,esp

Practical Web Cache Poisoning

Web cache poisoning has long been an elusive vulnerability, a 'theoretical' threat used mostly to scare developers into obediently patching issues that nobody could actually exploit.
Tags: burp,exploit,method,cache,security

NTLM Credentials Theft via PDF Filesned

Just a few days after it was reported that malicious actors can exploit a vulnerability in MS outlook using OLE to steal a Windows user’s NTLM hashes, the Check Point research team can also reveal that NTLM hash leaks can also be achieved via PDF files with no user interaction or exploitation.
Tags: exploit,pdf,CVE-2018-4993