HackerNight 2024: my first live hacking event
Review of my experience at the HackerNight live hacking event in RootedCON and how I got the first blood on one of the customers.
life hacking event hackernight rootedcon yogosha first bloodReview of my experience at the HackerNight live hacking event in RootedCON and how I got the first blood on one of the customers.
life hacking event hackernight rootedcon yogosha first bloodWriteup of the machine Diff3r3ntS3c from VulNyx.
vulnyx nmap web burpsuite arbitrary file upload ffuf directory listing command injection cronjobWriteup of the machine HackingStation from VulNyx.
vulnyx nmap web command injection gtfobins binary exploitationPartial disclosure of a bug bounty report: human 1 - sqlmap 0: defeating automation through manual exploitation.
web collaboration osint google dorking portswigger burpsuite 0iq sqlmap sql injection mysql bypassPartial disclosure of a bug bounty report: reflected XSS bypassing hidden input tag and auto-submit script in a form.
web osint amass httpx gau kxss burpsuite xss bypassPartial disclosure of a bug bounty report: subdomain takeover via unclaimed Azure VM.
web vps osint reconftw nuclei subdomain takeoverPartial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
web osint amass httpx burpsuite portswigger xss sop corsPartial disclosure of a bug bounty report: reflected XSS in search filter clear button in an e-commerce website.
web osint amass httpx burpsuite portswigger xssPartial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
web osint amass httpx burpsuite burp scanner portswigger http request smuggling xssPartial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
web osint amass httpx gau kxss utm parameters burpsuite portswigger xss bypass