Write Ups

In this write up, we’ll show you how to identify and exploit LFI Vulnerabilities. We will also discuss their impact and how to mitigate them with examples.

In this article, we’ll demonstrate practical methods for detecting and exploiting Cross-Site Scripting (XSS) injections. These techniques can be applied during source code security reviews to enhance speed and accuracy in your methodology, benefiting both security professionals and bug bounty hunters.

Join our Patreon Channel and Gain access to 70+ Exclusive Walkthrough Videos.Reading Time: 8 MinutesIntroduction Command Injection or OS command Injection is a category of injection vulnerabilities. It allows an attacker to execute arbitrary operating...

In this article we’ll discuss and demonstrate how improper error handling can be exploited in Web Applications. We’ll also discuss how various types of error handling can introduce various types of attack vectors.

In this article, we’ll explain some of the most common and uncommon types of SQL Injection. We’ll also discuss how these attacks can impact your company and your customers, and show you the measures you need to take to mitigate and minimize such risks.

In this article, we will showcase how to effectively use Google Dorking to uncover hidden and sensitive information on websites. Google Dorking enables security researchers to proactively discover and address potentially sensitive information that might not be intended for public access.

Security misconfigurations in Linux systems occur when necessary security controls are not properly implemented for servers or web applications. In this article, we’ll emphasize the importance of detecting and addressing misconfigurations through practical examples and tools like Nmap and the Metasploit Framework.

In this article, we’ll explore the pervasive presence and potential risks associated with QR codes in daily life. We’ll discuss the ease with which malicious QR codes can be created, either manually or through specialized tools, allowing attackers to embed harmful payloads. A tutorial its included, emphasizing its role in creating various types of malicious QR codes for security testing purposes.

In this article, we’ll demonstrate red team tactics for uncovering hidden secrets on websites. Despite security layers that companies deploy, such as Cloudflare WAF and next-generation firewalls, attackers can exploit sensitive information embedded in code, such as API keys and tokens.