Discovering Security flaws in Applications, API and Network Infrastructure
Most bug hunters follow different methods to perform bug bounty recon. It starts with enumerating the subdomains of the target scope and scanning them for common misconfigurations and vulnerabilities, but what most of the…
Bugcrowd hosted the LevelUp 0x07 CTF in August 2020, a web- and Android-based capture-the-flag challenge in which players actively exploit web and mobile applications and collect all the flags. Each…
Oouch is a Hard-rated Linux box from HackTheBox. It basically comprises exploiting an OAuth flow that performs no CSRF token validation, then stealing a cookie via CSRF (Cross-Site Request Forgery), where a URL is fetched in the contact admin…
Before we begin with JSON CSRF we need to nail down the fundamentals of traditional CSRF and JSON-based CSRF. What is CSRF? CSRF (Cross-Site Request Forgery) is a vulnerability which can be used to force…
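The JSON CSRF this post introduces, as an added example that is not the post's own code: it shows how a plain HTML form with `enctype="text/plain"` produces a request body that still parses as JSON, beside a request handler that rejects it. The endpoint behaviour, header policy, origin allow-list and both sample requests are constructed assumptions for illustration.

```javascript
// Added example (not from the original post): forging a JSON CSRF request with a
// text/plain HTML form, and the server-side checks that defeat it.
// Endpoint behaviour, header policy and the origin allow-list are assumptions.

// An HTML <form> can only POST with enctype application/x-www-form-urlencoded,
// multipart/form-data or text/plain. With text/plain the browser sends each
// field as "name=value", joined by CRLF, with no encoding of name or value.
function buildTextPlainBody(fields) {
  return Object.entries(fields).map(([name, value]) => `${name}=${value}`).join("\r\n");
}

// Split the target JSON so the "=" the browser inserts lands inside a throwaway
// string value. For {email:"attacker@example.com"} the field name becomes
// '{"email":"attacker@example.com","pad":"' and the value '"}', so the body is
// {"email":"attacker@example.com","pad":"="} which is valid JSON.
function jsonCsrfField(targetObject) {
  const json = JSON.stringify(targetObject);
  return { name: json.slice(0, -1) + ',"pad":"', value: '"}' };
}

// Constructed cross-site request: a form on https://evil.example posting to the
// victim's API. The browser attaches the victim's cookies and an Origin header.
function forgedRequest() {
  const field = jsonCsrfField({ email: "attacker@example.com" });
  return {
    method: "POST",
    headers: { "content-type": "text/plain", origin: "https://evil.example", cookie: "session=victim" },
    body: buildTextPlainBody({ [field.name]: field.value }),
  };
}

// Constructed legitimate request, as the app's own front end sends it via fetch/XHR.
function legitimateRequest() {
  return {
    method: "POST",
    headers: {
      "content-type": "application/json",
      origin: "https://app.example.com",
      cookie: "session=victim",
      "x-requested-with": "XMLHttpRequest",
    },
    body: JSON.stringify({ email: "victim@example.com" }),
  };
}

// Vulnerable handler: parses the body as JSON regardless of Content-Type, so the
// text/plain body is accepted and the victim's e-mail address is changed.
function vulnerableUpdateEmail(req) {
  const data = JSON.parse(req.body);
  return { status: 200, email: data.email };
}

// Hardened handler. Each check alone blocks the plain-form attack; together they
// also cover a misconfigured CORS policy.
function hardenedUpdateEmail(req, allowedOrigins = ["https://app.example.com"]) {
  const contentType = (req.headers["content-type"] || "").split(";")[0].trim().toLowerCase();
  if (contentType !== "application/json") {
    return { status: 415, reason: "Content-Type must be application/json" };
  }
  // Browsers send Origin on cross-site POSTs; require it and allow-list it.
  if (!allowedOrigins.includes(req.headers.origin)) {
    return { status: 403, reason: "Origin not allowed" };
  }
  // A plain <form> cannot set custom headers; cross-origin, this header forces a
  // CORS preflight that the server never answers with Access-Control-Allow-*.
  if (req.headers["x-requested-with"] !== "XMLHttpRequest") {
    return { status: 403, reason: "Missing anti-CSRF header" };
  }
  const data = JSON.parse(req.body);
  return { status: 200, email: data.email };
}

// Stand-alone run: forged body, then the two handlers' verdicts.
console.log(forgedRequest().body);
console.log(vulnerableUpdateEmail(forgedRequest()));
console.log(hardenedUpdateEmail(forgedRequest()));
console.log(hardenedUpdateEmail(legitimateRequest()));
```

Run it with `node` and compare the two verdicts on `forgedRequest()`: the vulnerable handler happily returns the attacker's address, the hardened one fails at the Content-Type check before the body is ever parsed. The Content-Type check is the one that matters for this specific trick; the Origin allow-list and custom-header requirement are there so that a later CORS misconfiguration does not silently reopen the hole.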
Summary: Sauna is an Easy machine from HackTheBox based on Active Directory. We will be using various tools for exploitation, such as the Impacket Python collection and Evil-WinRM. The initial foothold of this…