Tag: InfoSec Write-ups – Medium

Internet Bank Account Takeover of +1M users — Real Scenario
OAuth is an open protocol that allows authorization in a simple and standard way from web, mobile and desktop applications. OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to …
HTB Fuse [writeup]
Domain Controller Reconnaissance | Password-spraying | Brute-force attack | SeLoadDriverPrivilege Abuse
Baseline Security Check I
Security Build Review
Announcing the Winners of Pentester Lab Pro Subscription Giveaway — October 2020
And an exciting new contest running through all of November 2020
Pentester Lab
Hello folks! What a month it has been. Concluding this awesomeness, we have the three winners of the contest we organised in collaboration with PentesterLab.
Aaaaaaand the winners are (drumroll):
goswamiijaya for — Server-Side Request Forgery — SSRF: Exploitation Technique …
Identifying & Escalating HTTP Host Header Injection attacks
The purpose of the HTTP Host header is to help identify which back-end component the client wants to communicate with. Several misconfigurations and flawed business logic can expose websites to a variety of attacks via the HTTP Host header. Before diving in, let’s understand some basic terminology.
What is an HTTP Header?
HTTP headers …
Let’s talk about Improper Resource Shutdown
The program does not release, or incorrectly releases, a resource before it is made available for re-use. The function fails to release a…
Unlimited Balance in Alopeyk Account — Only for Study Purpose
Figure 1: Unlimited Balance in Alopeyk Account
Alopeyk (https://alopeyk.com/) is an Iranian online transportation service. One of its famous services is the motorcycle service. Alopeyk is one of the most affordable transportation options in Iran. Anyone can download the Alopeyk app for iOS or Android and create an …
TryHackMe – Lian_Yu CTF Writeup (Detailed)
Welcome folks!! We are going to do Lian_Yu CTF on TryHackMe. It is a beginner level security CTF room and it is an Arrowverse-themed CTF…
WebGoat Client Side lessons
Bypass front-end restrictions 2
Bypass front-end restrictions lesson 2
For this lesson we have to send a request bypassing the restrictions on the page, so let’s go ahead and fill up and submit the form.
Request on Burp History
Right, now that we have the request, let’s change it so it contains “non-allowed” data.
Altered request
Here we have the same …
ZIP Bombs
Make your storage explode 💥