Archives

2023

• 23 Jul (HTB) - BroScience
• 25 Mar (Portswigger/WebAcademy) - DOM-Based Cross-Site Scripting (XSS)
• 11 Mar (HTB) - Mentor
• 05 Mar (HTB) - Ambassador
• 04 Mar (HTB) - Awkward
• 04 Mar (HTB) - Photobomb
• 03 Mar (HTB) - Forgot
• 25 Jan (Portswigger/WebAcademy) - Stored Cross-Site Scripting (XSS)
• 15 Jan (Portswigger/WebAcademy) - DOM-based Vulnerabilities
• 15 Jan (Portswigger/WebAcademy) - Websockets
• 15 Jan (Portswigger/WebAcademy) - Insecure Deserialization vulnerabilities
• 15 Jan (Portswigger/WebAcademy) - Server-Side Template Injection vulnerabilities
• 15 Jan (Portswigger/WebAcademy) - Clickjacking vulnerabilities
• 15 Jan Simple Docker Tutorial
• 15 Jan (Portswigger/WebAcademy) - OAuth 2.0 authentication vulnerabilities
• 15 Jan (Portswigger/WebAcademy) - JWT Token Vulnerabilities

2022

• 21 Dec Vulnerable Lab by Tushar Kulkarni (@roottusk) - vAPI (writeup)
• 21 Dec Vulnerable Lab by OWASP - crAPI (Writeup)
• 21 Dec (Portswigger/WebAcademy) - Cross-Origin Resource Sharing (CORS)
• 12 Dec (Portswigger/WebAcademy) - Cross-Site Request Forgery (CSRF)
• 27 Oct (Portswigger/WebAcademy) - Web Cache Poisoning (Unkeyed Inputs)
• 27 Oct (Portswigger/WebAcademy) - XXE Injection
• 26 Oct (TryHackMe) - PWN101
• 24 Oct (Portswigger/WebAcademy) - Server-side request forgery (SSRF)
• 09 Oct File Upload Vulnerabilities
• 08 Oct Broken Access Control
• 07 Oct Information Disclosure
• 06 Oct Business Logic Vulnerabilities
• 04 Oct (Portswigger/WebAcademy) - Reflected Cross-Site Scripting (XSS)
• 03 Oct OS Command Injection
• 02 Oct Directory Traversal
• 30 Sep Vulnerable Password Reset
• 30 Sep Vulnerable Username-Password Authentication
• 30 Sep Multi-Factor Authentication (MFA)
• 30 Sep Other vulnerable Authentication Mechanismus
• 30 Sep Blind SQL Injection
• 22 Sep (HTB) - Script Kiddie
• 22 Sep (HTB) - Academy
• 22 Sep (HTB) - Reel2
• 22 Sep (HTB) - Luanne
• 17 Sep (HTB) - StreamIO
• 15 Sep Bucket
• 12 Sep (HTB) - Time
• 12 Sep (HTB) - Tenet
• 12 Sep Sharp
• 12 Sep Ready
• 26 May (BTLO/Investigation) - Phishy v1
• 25 May (BTLO/Challenge) - The Planet's Prestige / Email Analysis
• 23 May (BTLO/Challenge) - Suspicious USB Stick
• 23 May (BTLO/Challenge) - Network Analysis - Web Shell
• 23 May (BTLO/Challenge) - Memory Analysis - Ransomware
• 22 May (BTLO/Investigation) - Total Recall
• 19 May (BTLO/Challenge) - Malicious PowerShell Analysis
• 08 Apr (BTLO/Security Operations) - Defaced
• 08 Apr Miner
• 08 Apr (BTLO/Investigation) - Pretium
• 01 Apr (BTLO/Investigation) - Bad Logic
• 14 Mar Anubis

2021

• 25 Dec Driver
• 25 Dec Worker
• 25 Dec LogForge
• 25 Dec Bitlab
• 25 Dec Installing Splunk Enterprise on CentOS 7 and Universal Forwarder on Windows with Sysmon
• 25 Dec Using Chisel
• 25 Dec LOG4J Exploit - Revese Shell (CVE-2021-44228)
• 25 Dec Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
• 11 Jan Jewel
• 11 Jan JSON
• 11 Jan Doctor