- [ ] Deliver a talk at Nullcon Are you wondering what this is? This was one of the to-dos I defined for myself in the new year's resolutions! Well new year's resolutions are something that just motivates us till end of Jan! However, this time I managed to get it done❤️ Nullcon 2022 was my 2nd Nullcon and 1st time as…
This post contains the OSINT challenges created as part of Winja CTF, Nullcon Goa 2022.
This post contains the web challenges created by me in winja ctf 2022.
This post is contains the talk slides and the demo videos that we presented in Nullcon Goa 2022.
Hey there!!! This post is all about the solutions to the CTF challenges I created for Winja CTF - berlin edition. The category for the challenges is Cloud. If you are not aware, the challenges for this CTF were based on the money heist theme. Hence all the challenge description or context will be referring to money heist. Challenge 1 - The…
The post is a walkthrough on how to configure ssl on linux instances. This can also be helpful when exploiting CORS.
The post disccuss around the basics of OAUTH and how to hunt for OAUTH vulnerabilities like leaking tokens, abusing redirect URI, absense of state parameter.
The post covers various techniques by which sensitive data can be exfilterated using out of band interaction in XXE
XXE remains amongst the one with a critical score on the severity perspective. Why? Being able to read server's sensitive files is where the victim can be fully compromised.
Docker can never replace a VM but it has got its own special benefits. know more about the docker features
Hey everyone! This blog post covers writeups of the challenges that were created by me as part of WinjaCTF 2021. WinjaCTF is an initiative by Nullcon and it organises CTF annually. Read about my experience at first nullcon here The challenges created by me were : pieceofpie, junk, art gallery, find me, binarybits, Redeem me. I will be giving a detailed writeup…
It was my first Nullcon Training and It was a super-amazing experience. In the blog, I have mentioned about the happenings of all the 4 days. Do check it out.
Doctor is an easy linux machine from hackthebox. The initial foothold exploits SSTI/XSS and with splunkd you get the privilege escalation
Ghoul is a hard linux machine from hackthebox The privilege escalation exploits the gogs vulnerability and ssh-agent's sign-on mechanism to get the root.
Ghould is a hard linux machine from hackthebox. Find the machine in the retired section.