A tale of VoIP Security Testing

InfoSec Write-ups - Medium-- Most corporates do not focus on their internal security. They think that they are secure because their internal assets are accessible internally. But red team members know very well how an attacker can exploit internal infrastructure. Voice over Internet Protocol (VoIP) has seen rapid implementation over the past few …

Server-Side Request Forgery — SSRF: Exploitation Technique

InfoSec Write-ups - Medium-- Server-side request forgery, or SSRF, is a vulnerability that allows an attacker to use a vulnerable server to make HTTP requests on the attacker’s behalf. This is similar to CSRF as both the vulnerabilities perform HTTP requests without the victim acknowledging it. With SSRF: the victim would be …

Memory Analysis For Beginners With Volatility – Coreflood Trojan: Part 1

InfoSec Write-ups - Medium-- Welcome to my series on memory analysis with Volatility. To start off the series I want to make sure we’re all sorted out with our knowledge of Windows internals. If you’re not sure you know about any of these subjects, you should go …

TryHackMe : RootMe CTF Walkthrough (Detailed)

InfoSec Write-ups - Medium-- TryHackMe : RootMe CTF Writeup (Detailed)
Let’s dive in!!
Task 1 - Deploy the machine
Create a directory for your CTF machine on Desktop and a directory for nmap.
Task 2 - Reconnaissance
Nmap scan: nmap -sC -sV -oN nmap/rootme <MACHINE_IP>
-sC : Default scripts
-sV : Version detection
-oN : Output to be stored in the directory ‘nmap’ you created earlier
Nmap scan output
There are 2 ports open: 22/ssh — OpenSSH 7.6p1, 80/http — Apache httpd …

CSRF : Web App Security Basics

InfoSec Write-ups - Medium-- Cross Site Request Forgery (CSRF/XSRF), also known as One-Click Attack or session riding, is a type of attack where unintended actions are performed by the end user on the web. For example, actions such as a change of email address, a password change, a fund transfer, etc. could be performed while the user is currently authenticated. …

Hack The Box Walkthrough — Magic

InfoSec Write-ups - Medium-- https://www.hackthebox.eu/home/machines/profile/241 Magic is a Medium difficulty machine from Hack the Box created by TRX. My process involved a simple SQLi, Steganography, and Binary Planting. This is a raw walkthrough, so the process of me falling through rabbit holes upon rabbit holes is well documented here. It also reflects my thought process while …

TryHackMe: The Impossible Challenge Write-up

InfoSec Write-ups - Medium-- Unicode Steganography with Zero-Width Characters
Hi everyone!
Room: The Impossible Challenge
Difficulty: Medium
The name already suggests it is a bit of a tough and time-consuming challenge for me, based on cryptography/steganography. So let’s hunt for the flag…. When you enter the room it looks all normal, and from here the trouble begins.. The challenge includes a password-protected zip file named …

Open Redirects & bypassing CSRF validations- Simplified

InfoSec Write-ups - Medium-- Open redirects are unvalidated redirects and forwards that are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam …

Leveraging LFI to RCE in a website with +20000 users

InfoSec Write-ups - Medium-- Hello researchers and bug hunters! Recently I found an interesting attack vector which I would like to share with you. Without losing time, let’s jump into it.
Visiting the website (port 443), we see this webpage: /index.php
Finding LFI vulnerability
Let’s browse through the website to see if we can find any interesting endpoint. Clicking to Contact …

Hack the Box — Blackfield

InfoSec Write-ups - Medium-- https://www.hackthebox.eu/home/machines/profile/255 Blackfield is a 40-point machine from Hack the Box which requires you to exploit mistakes done after a recent computer forensic investigation recently done on the machine. The files left valuable information about the machine, usually extracted when doing computer forensics, which includes a dump of LSASS. Gaining access …