In R3d Buck3T, by Nairuz Abulhul

Virtual Host Enumeration for Uncovering Hidden Subdomains | Tools and Techniques for efficient virtual host discovery | Nov 28, 2023
Cross-Origin Resource Sharing (CORS) Testing Guide | Identifying CORS Vulnerabilities: Common Attack Vectors and Mitigation Strategies | Mar 3, 2023
Things I learned this week about Log4JShell Vulnerability | Java JNDI Injection, Log4J library, Log4Shell — CVE-2021-44228 | Dec 17, 2021
RCE with Server-Side Template Injection | Python Flask Application with Jinja2 Template — Doctor HTB machine | Nov 20, 2021
Eval(“console.log(‘RCE Warning’)”) | Remote Code Execution in Node.js using the Eval function — Dibble | Oct 31, 2021
XSS to Exfiltrate Data from PDFs | Inject Server-Side XSS into dynamically generated PDFs | Jul 3, 2021
Error-Based XPath SQL Injection in OpenEMR | Data Exfiltration in OpenEMR 2018 v5.0.1 | Nov 16, 2020
Insecure Deserialization with JSON .NET | Remote Code Execution through Insecure Deserialization Vulnerability | Nov 26, 2020
Digging into Local File Inclusion | Basic methodology to approach LFI vulnerability when Pentesting a Web Application | Jun 21, 2020
Exploiting Remote File Inclusion with SMB | Recently working on the Sniper machine on hack the box, I came across a technique of exploiting a remote file inclusion on a PHP… | Dec 29, 2020
What to do with XXE Vulnerability ?!! | Enumeration, Data Exfiltration, and SSRF Attacks | Jan 14, 2021
Top 10 Tips for Burp Suite | Collection of useful features in Burp Suite Application | Feb 21, 2021
Bypass Authentication with SQL Truncation Attack | Injection Attacks, SQL Truncation, OWASP Top 10 | Jun 23, 2021
Single Sign-On vs. Federation | A simple explanation of the difference between Single Sign-On and Federated Authentication | May 18, 2020
Target:_blank → Tabnapping Attack | Why should we care !! How to leverage this flaw in social engineering attacks? | Jun 11, 2020
Quick view on Basic vs Digest Authentications | Basic authentication: is an HTTP supported authentication. It relies on the User-Agent [browser] to provide the username and password… | May 10, 2020