Web Hacking

Videos and writeups about web security and web challenges. I hope you will find them useful. In case of advice, feel free to contact me.

• WAF bypass and vulnerability chain exploiting parser differentials - WAFfle-y Order [HackTheBox]
  2023, 12 April

• Finding SSTI in an EJS app using existing exploits and undocumented features - valentine [hxp 2022]
  2023, 28 March

• Exploit Arbitrary Deserialization through Blind SQL Injection - Elf Resources [X-MAS CTF 2022]
  2022, 21 December

• Exploit Zip Slip vulnerability in python tarfile - slippy [HackTheBox]
  2022, 25 April

• Bypassing addslashes() using format string to get SQL Injection - baby sql [HackTheBox]
  2021, 28 September

• Pickle Insecure Deserialization - baby website rick [HackTheBox]
  2021, 1 September