Content Type Forcing – The XSS you may have missed.
~#: Introduction It is pretty well known that some Cross Site Scripting vulnerabilities can be browser depended. For example in
Continue reading
Certified Red Team Operator – Review
What is #RTO? Red Team Operator is a new course offered by Zero Point Security created by Daniel Duggan, AKA
Continue reading
Exploiting File Uploads Pt. 2 – A Tale of a $3k worth RCE.
#TL;DR; In this post I show how I was able to find a Remote Code Execution vulnerability on a private
Continue reading
Exploiting File Uploads Pt. 1 – MIME Sniffing to Stored XSS #bugbounty
Some tips and tricks on exploiting Image File Uploads to achieve Stored XSS.
Continue reading
Offensive Security Certifications Review
As you may have read in my about page, I am OSCP and OSCE. I took OSCP back in 2015,
Continue reading
Recent Comments