What is Frida? It is a dynamic instrumentation toolkit, Frida is used by testers to test security of mobile application, Frida is used to inject our JavaScript code to a application. Installing frida in kali linux: Prerequisite : Kali linux You can use command- Pip install frida-tools to install frida on kali If that doesn’t […]
Bug bounty hunting is a lucrative and challenging skill where ethical hackers identify and report security vulnerabilities in organizations’ systems. With proper techniques and strategies, you can increase your chances of discovering high-impact bugs and earning substantial rewards. This guide will walk you through the entire bug bounty process like a pro. Step 1: Choose […]
Hello everyone! I am really happy to announce that I got my first valid bug from a target, and not only that, I uncovered two bugs from that target. So in this blog, I am going to talk about those two bugs. First bug I found this bug as accdential. I will check source page […]
When it comes to cloud security, Amazon Web Services (AWS) is a prime target for penetration testers and malicious actors alike. AWS provides powerful cloud-based infrastructure to organizations across the globe, but it can also present numerous security challenges if not properly secured. One such tool designed for AWS exploitation is PACU (Privileged Access Cloud […]
Imagine a major online retailer. A sneaky hacker exploits a flaw. They sneak malicious code into the system. They access sensitive customer data. All because of a vulnerability: insecure deserialization. This weakness can cripple businesses. It exposes them to data breaches and system compromise. Deserialization is like unpacking a box. It changes data from a […]
Tor, short for “The Onion Router,” is a free and open-source software project aimed at enabling anonymous communication. It directs Internet traffic through a worldwide volunteer overlay network consisting of thousands of relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. The name “onion routing” refers to the […]
What is Cross- site scripting? Cross- Site Scripting is a type of vulnerability commonly found in web applications. In XSS attacks, a malicious actor injects malicious scripts, typically JavaScript, into web pages By client- side. These scripts can then execute in the context of the victim’s browser, allowing the attacker to steal session tokens, logs […]
Offensive Security offers free lab machines under their Proving Grounds library that I find super helpful to prepare for the OSCP. I will be walking you through my experience with an “easy” level machine called FunboxRookie. START THE LAB :- 1. Open lab and take the ip 2. Scanning the ip using nmap […]
Introduction :- APIs allow different software systems to communicate and exchange data. Testing APIs is crucial because weaknesses in APIs can compromise a website’s security. Dynamic websites use APIs, so common web security issues like SQL injection can also apply to API testing. In this guide, we’ll focus on testing APIs that may not be […]
When it comes to web security, there are numerous vulnerabilities that can put users and websites at risk. One such vulnerability is Server-Side Template Injection (SSTI). In this post, we’ll break down what SSTI is, what is Templates, Types of template engines, how it works, Lab practical example and how to protect your site from […]
