Mirza Mansoor Ali Baig · mirza14.hashnode.dev · May 1, 2024 · Conquering the SANS GWAPT Exam: A Personal Journey · This is my personal journey that I'm sharing on how I managed to pass the exam. I made sure to understand the exam objectives, sections, and sub-sections, and determine how many days I needed to prepare for the course and take the exam. I started pre... · 31 reads · gwapt
0xiNPro · 0xshin.hashnode.dev · Apr 24, 2024 · SQL Injection Types Supported by SQLMap - SQL Map 01 · Objective: To provide a detailed, step-by-step guide on the various SQL injection types supported by SQLMap, enabling learners to understand and identify each type effectively. Introduction to SQLMap: SQLMap is a powerful penetration testing tool for... · CPTS Journey · sqlmap
Yas NEG for Haysec · blog.haysec.com · Apr 23, 2024 · CVE-2024-3400 PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect · Description: A vulnerability in the GlobalProtect feature of specific versions of Palo Alto Networks PAN-OS software, due to arbitrary file creation, could allow an unauthenticated attacker to execute arbitrary code with root privileges on the affecte... · 1 like · vulnerability
Sergio Medeiros · grumpz.net · Apr 22, 2024 · Uncovering an SSRF Vulnerability in PDFMyURL Affecting Numerous Users · While enumerating the scope of a target on a private bug bounty program, I came across a subdomain used for generating PDF files. However, it seemed out-of-scope as they were simply white labeling a service called PDFMyURL, which lets you convert any... · 10 likes · 986 reads · My Security Research · bugbounty
0xiNPro · 0xshin.hashnode.dev · Apr 20, 2024 · SQLi Series - Database Enumeration I - 05 · The process of gathering information about the database using SQL queries within SQL injections. Involves identifying the DBMS type, available databases, tables, and columns. Crucial for properly forming SELECT queries to extract data. Prerequisi... · CPTS Journey · pentesting
0xiNPro · 0xshin.hashnode.dev · Apr 19, 2024 · SQLi Series - Intro to SQL Union Injection II - 04 · 1. Understanding Union-Based SQL Injection a) Explanation: Union-based SQL injection allows attackers to retrieve data from different tables within the database by appending a UNION SELECT statement to the original query. The UNION operator combines... · CPTS Journey · pentesting
Sky Davis · payloadgiovanni.hashnode.dev · Apr 12, 2024 · Hydra-Password Hacking (Tryhackme Write Up) · It's been a while since I've done a TryHackMe room but I'm back! I'm currently in school for Cyber Crime and Digital Investigations, however how can I solve a cyber crime if I don't know how criminals think? Pentesting will give me the critical thin... · pentesting
0xiNPro · 0xshin.hashnode.dev · Apr 11, 2024 · SQLi Series - Intro to MySQL and SQL Injection - 01 · What is MySQL? MySQL is a popular open-source relational database management system (RDBMS) that uses Structured Query Language (SQL). SQL Injection: SQL Injection is a code injection technique that exploits vulnerabilities in the database layer of an... · CPTS Journey · mysql tutorial
Jeremiah Liscum · mrliscum.com · Apr 10, 2024 · Subdomain Reconnaissance Made Easy · The information gathering phase of penetration testing is probably the most important part. This is where we build our understanding of the target, and get a general idea of how we may wish to attack. Subdomain reconnaissance is a critical skill to h... · 42 reads · Web Development
0xiNPro · 0xshin.hashnode.dev · Apr 10, 2024 · Bruteforce Series - Bruteforce attack SSH and FTP - 03 · SSH Attack Overview. Objective: Understand and execute a brute force attack on an SSH service using Hydra. Key Concepts and Skills. Brute Force Attack: An attempt to crack passwords or keys through trial and error. Hydra: A powerful, multi-platform t... · 76 reads · CPTS Journey · bruteforceattack