TESTING VELOCITY SERVER-SIDE TEMPLATE INJECTION

Velocity is a Java-based templating engine which executes server-side to craft complex layouts.

EXPLOITING PYTHON PICKLE

Hack the Box is a known platform containing a set of security challenges. In this instance, we cover solving a subsection of the retired ‘Canape’ box, which consists of remote code execution by abusing insecure deserialization of Python Pickle.

EXPLOITING A NODEJS SSH SERVER WITH CVE-2018-10933

This is a vulnerability in ‘libssh’ before versions 0.7.6 and 0.8.4 which allows an attacker to circumvent SSH authentication.

NEW BLOG

Hello everyone, I officially inaugurate my new blog with a useless post, mainly for testing purposes and to waste some time playing around.