Using ProxyChains to proxy your Internet traffic.
- Hacking 16
- Insecure Deserialization 9
- Binary Exploitation 8
- System Security 7
- Bash Scripting 5
- SSRF 4
- CSRF 4
- Development 3
- Info Leak 2
How To Perform Pentest Recon Using GoBuster.
Learning to use Wireshark’s Command Line Tool: TShark
How to use Wireshark to capture network traffic.
The basics of finding And exploiting vulnerabilities using Metasploit.
How to get started hacking Android applications.
How to perform source code review to find vulnerabilities in web applications.
And how attackers bypass account lockout when brute-forcing passwords.
And how to hide executable PHP code in JPEG files.
Obtaining illegal data access using XPATH injections.
How race conditions compromise the security of financial sites.
Confuse, Spoof and Make Backdoors.
How to reconstruct source code from an exposed .git directory.
And why you should never reuse encryption keys!
And how attackers exploit common programming pitfalls to gain control.
How To Start With Security Capture The Flag Competitions.
Exploiting PHP deserialization vulnerabilities without unserialize().
Magic methods that can be used to kick start your RCE chain.
Don’t despair when you can’t RCE. How to achieve authentication bypass and SQL injection using PHP’s unserialize().
How PHP’s type comparison features lead to vulnerabilities, and how to avoid them.
Achieving RCE with POP chain exploits.
How PHP’s unserialize() works, and why it leads to vulnerabilities.
A totally unscientific analysis of deserialization vulnerabilities found in the wild.
Intro to PHP object injection vulnerabilities.
How attackers exploit Java Deserialization to achieve Remote Code Execution
How modern binaries protect against attacks and how these protections are bypassed.
And how modern binaries protect against attacks
And how attackers can bypass DEP to achieve code execution.
And how printing a string led to code execution?!!
And how the Heartbleed bug works!
And how a jammed laptop key led to code execution?!!
How To Patch Binaries For Hackers And Pen Testers.
Analyzing and Hacking Binaries with Ghidra.
Linux privilege escalation by exploiting SUDO rights.
Linux privilege escalation by exploiting an overprivileged process.
Linux privilege escalation by exploiting the SUID bit.
Learn about the Linux permission model and how it affects your system’s security.
Why you should not run Docker with the “privileged” flag.
How the incorrect use of port knocking can lead to system compromise.
How attackers can exploit misconfigured Cron permissions to gain root access.
Useful tips to up your Bash game.
Writing functions to simplify your script.
Using tests and loops in Bash.
Using variables and conditionals in Bash.
Using Bash Scripts To Automate Your Workflow.
A totally unscientific analysis of those SSRFs found in the wild.
There’s always more to do…
And how I got your company secrets.
And how your firewall failed you.
What SameSite by default means for the future of CSRFs.
Protection exists != not exploitable. No matter the obstacles, we’re gonna CSRF.
From CSRF to user information leak, XSS and full account takeover.
To change your password, password not required!
And why Application Security is like wearing masks.
Most of you know me as an offensive security gal. The fact that I decided to join a SAST team frankly surprised me as well.
Get your website up and running in minutes using Apache.
And maximize their impact while hunting for bugs.
And how to cause a massive data breach.