This lab uses a JWT-based mechanism for handling sessions. Due to implementation flaws, the server doesn’t verify the signature of any JWTs that it receives. To solve the lab, modify your sess...
This lab is vulnerable to DOM XSS via client-side prototype pollution. This is due to a gadget in a third-party library, which is easy to miss due to the minified source code. Although it’s techn...
Summary Brick Heist by TryHackMe is an easy-rated machine that starts with exploiting a remote code execution (RCE) vulnerability in an outdated WordPress theme. After gaining access, the remaining...
This lab is vulnerable to DOM XSS via client-side prototype pollution. Although the developers have implemented measures to prevent prototype pollution, these can be easily bypassed. To solve the ...
This lab is vulnerable to DOM XSS via client-side prototype pollution. To solve the lab: Find a source that you can use to add arbitrary properties to the global Object.prototype. Identify a g...
This lab is vulnerable to DOM XSS via client-side prototype pollution. To solve the lab: Find a source that you can use to add arbitrary properties to the global Object.prototype. Identify a g...
Summary RemoteBinge is an easy difficulty CTF on Hacking Hub that involves abusing file upload functionality to get RCE in a PHP application. CTF Website Landing Page After trying to upload...
Description It’s now been 2 years of working in cyber security, and I’m writing this blog to reflect on what I’ve learned during my second year. If you haven’t already, check out my 1st-Year-Worki...
Description I graduated on May 1st, 2022, with a bachelor’s degree in computer science, specializing in cybersecurity. Ironically, I began studying cybersecurity even more after graduating. This wa...
Description The Bug Bounty Hunter Job Role Path is designed for individuals who want to enter the world of bug bounty hunting with little to no prior experience. This path covers core web applicati...