HackerNight 2024: my first live hacking event
Review of my experience at the HackerNight live hacking event in RootedCON and how I got the first blood on one of the customers.
life hacking event hackernight rootedcon yogosha first blood

Writeup of the machine Diff3r3ntS3c from VulNyx.
vulnyx nmap web burpsuite arbitrary file upload ffuf directory listing command injection cronjob

Writeup of the machine HackingStation from VulNyx.
vulnyx nmap web command injection gtfobins binary exploitation

Partial disclosure of a bug bounty report: human 1 - sqlmap 0: defeating automation through manual exploitation.
web collaboration osint google dorking portswigger burpsuite 0iq sqlmap sql injection mysql bypass

Partial disclosure of a bug bounty report: reflected XSS bypassing hidden input tag and auto-submit script in a form.
web osint amass httpx gau kxss burpsuite xss bypass

Partial disclosure of a bug bounty report: subdomain takeover via unclaimed Azure VM.
web vps osint reconftw nuclei subdomain takeover

Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
web osint amass httpx burpsuite portswigger xss sop cors

Partial disclosure of a bug bounty report: reflected XSS in search filter clear button in an e-commerce website.
web osint amass httpx burpsuite portswigger xss

Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
web osint amass httpx burpsuite burp scanner portswigger http request smuggling xss

Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.
web osint amass httpx gau kxss utm parameters burpsuite portswigger xss bypass

Research on how to bypass the HttpOnly flag via the PHP info page to exfiltrate the user cookies during an XSS exploitation.
web burpsuite base64 metasploitable 2 xss exfiltrate cookies session hijacking php info page bypass

Partial disclosure of a bug bounty report: time-based SQL injection in login form.
web osint leakix portswigger burpsuite sql injection mysql information_schema sqlmap php info page

Partial disclosure of a bug bounty report: reflected XSS bypassing HTML tag removal sanitization.
web osint amass httpx burpsuite gau kxss xss python bypass sanitization

Review of the eJPT (eLearnSecurity Junior Penetration Tester), certification of eLearnSecurity intended for students interested in obtaining the necessary training that a junior pentester should have.
certification elearnsecurity ejpt pentesting