Defeating custom password reset tokens

This blog post presents a detailed analysis of two successful account takeover scenarios resulting from vulnerabilities in a forgot password implementation. I explore techniques involving anti-tampering token prediction and time-based/sandwich attacks.

May 16, 2023 Articles & Writeups, Web Hacking

How to set up an Android Penetration Testing Lab from scratch

In this post, we explore different ways to create a fully working environment for Android Penetration Testing and we create our setup using the SDK provided by Google (without installing Visual Studio). Then, we set up the environment to allow communication between Android Virtual Devices and any other VMs. Finally, we explore how to import custom user certificates to intercept HTTPS requests on any version of Android.

Apr 30, 2023 Articles & Writeups, Android

WAF bypass and vulnerability chain exploiting parser differentials

HackTheBox "WAFfle-y_Order" wirteup is now available!

Apr 12, 2023 Articles & Writeups, Web Hacking

Finding SSTI in an EJS app using existing exploits and undocumented features

hxp 2022 "valentine" wirteup is now available!

Mar 28, 2023 Articles & Writeups, Web Hacking

HackTheBox - Blunder

Improved skills: Wordlist customization Python coding CVE Research Manual Exploitation Configuration file review Used tools: nmap gobuster cewl Burp Suite crackstation.net...

Mar 28, 2023 Articles & Writeups, HackTheBox