InfoSec Write-ups - Medium -- WebGoat Without password challenge. Second WebGoat challenge, we have to log in as Larry, let’s see what’s in here. The “Forgot Password” link is fake and not much in HTML source. Burp shows that, apart from the request to /WebGoat/Challenge5.lesson.lesson and its HTML, there is not much else when requesting the page. There is a /WebGoat/lesson_css/challenge6.css file loaded …
Tag: InfoSec Write-ups – Medium
TryHackMe: Break Out The Cage 1 Write-up
InfoSec Write-ups - Medium -- Easy level CTF Challenge. No need to wait; connect to your OpenVPN network and join the room. Task 1 Investigate! After deploying the machine, you will get your machine IP in one min. Let us start by scanning the machine through Nmap. nmap -sV -sC -A <machine_ip> (Nmap Scan results) 2. Let’s search for hidden extensions in HTTP through Gobuster Tool. gobuster …
LAN Captive portal — beginners Guide
InfoSec Write-ups - Medium -- Captive Portals are a common security procedure, used consistently on your wifi network for guests or even when outsource employees work within your internal LAN, connecting through ethernet wall sockets. One way to do so is to enforce it by creating a VLAN (virtual LAN) on your subnet …
Understanding & Exploiting: Cross-Site Request Forgery — CSRF vulnerabilities
InfoSec Write-ups - Medium -- Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unintended actions on a web application in which they are currently authenticated. With a little social engineering, an attacker may force the users of a web application to execute actions of …
Anatomy of Disk Recovery Evasion
InfoSec Write-ups - Medium -- Disclaimer: Do not attempt to violate the law with anything contained here. If you planned to use the content for illegal purposes, neither the administration of this website, the authors of this material, nor anyone else affiliated in any way is going to accept responsibility for your actions. We do not own …
TryHackMe- Biohazard CTF Writeup (Detailed)
InfoSec Write-ups - Medium -- Welcome folks!! We are going to do Biohazard CTF on TryHackMe. This is a puzzle-based CTF inspired by the iconic Resident Evil series. If…
Setting up a WireGuard VPN Server Architecture for Internal Network Access
InfoSec Write-ups - Medium -- Utilize a Cloud C2 server and WireGuard to easily set up connections to private networks for pentesting or sysadmin.
How to start Bug Bounty?
InfoSec Write-ups - Medium -- Simple Methodology to follow when starting a bug bounty. Project Tracking: Keep track of site-hierarchy, tools output, interesting notes, etc. We can use mind-maps to visualize large scope by bug bounty hunting targets and allows them to break up methodology for in-depth bug hunting as well. Mission-wide recon is the art of discovering as many assets …
Bypass AMSI in PowerShell — A Nice Case Study
InfoSec Write-ups - Medium -- In one of the RedTeam projects, I was looking to use BloodHoundAD Script. BloodHound is a single page JavaScript web application, built on top of Linkurious, compiled with Electron, with a Neo4j database fed by a C# data collector. BloodHound uses graph theory to reveal the …
TryHackMe- GamingServer CTF Writeup (Detailed)
InfoSec Write-ups - Medium -- Welcome folks!! We are going to do GamingServer CTF on TryHackMe.









