Hi everyone! I'm Shreya Pohekar Agrawal, currently working as a Security Researcher at Microsoft. But my journey into cybersecurity didn’t start here-- Back in college, I was equally drawn to both development and security—and choosing between the two wasn’t easy. But after some exploration, I realized I didn’t have to pick just one. I chose to begin my journey as a developer…
In Part 1 of the CSP series, we explored how CSP plays a major role in mitigating XSS and clickjacking attacks. Now that you're familiar with the basics of setting up a CSP and its importance, let's take it one step further. Today, we'll dive into two powerful CSP techniques: nonces and hashes. These allow us to safely run specific inline scripts…
Content Security Policy (CSP) is a powerful browser mechanism designed to prevent and mitigate common web vulnerabilities such as Cross-Site Scripting (XSS) and Clickjacking. CSP allows developers to specify which sources of content are trusted by the application. This guide will walk you through how CSP works, and how to use it to protect against Clickjacking with frame-ancestors. Real-world examples and practical…
Welcome to Part 2 of the CSRF series!While spotting CSRF vulnerabilities during testing or bug bounties is often straightforward, have you ever paused to think about what really happens behind the scenes when implementing mitigations? In Part 1, we explored the fundamentals of Cross-Site Request Forgery (CSRF), why it's dangerous, and how browsers now defend against it using mechanisms like SameSite cookies…
Hi everyone, I’m Shreya, and today I want to shed light on some lesser-discussed aspects of Cross-Site Request Forgery (CSRF). While identifying CSRF vulnerabilities during security assessments or bug bounties can often be straightforward, effectively mitigating them requires a deeper understanding of browser behavior, HTTP methods, and secure token handling. In this blog, I’ll share my learnings on how CSRF attacks actually…
In the fast-moving world of web applications, caching plays a pivotal role in ensuring quick and efficient content delivery. However, as with most technologies, it comes with its own set of vulnerabilities. One of the most insidious threats in this realm is cache poisoning. This subtle yet powerful attack can manipulate what users see, disrupt functionality, and lead to severe security and…
Bug bounty programs have revolutionized the world of cybersecurity, enabling organizations to tap into the collective expertise of security researchers worldwide. As security researchers diligently identify and report vulnerabilities, they eagerly await the outcomes of their submissions. While many reports receive the coveted “resolved” status or a generous bounty, some find themselves closed out as “informative.” In this blog, we will explore…
- [ ] Deliver a talk at Nullcon Are you wondering what this is? This was one of the to-dos I defined for myself in the new year's resolutions! Well new year's resolutions are something that just motivates us till end of Jan! However, this time I managed to get it done❤️ Nullcon 2022 was my 2nd Nullcon and 1st time as…
This post contains the OSINT challenges created as part of Winja CTF, Nullcon Goa 2022.
This post contains the web challenges created by me in winja ctf 2022.
This post is contains the talk slides and the demo videos that we presented in Nullcon Goa 2022.
Hey there!!! This post is all about the solutions to the CTF challenges I created for Winja CTF - berlin edition. The category for the challenges is Cloud. If you are not aware, the challenges for this CTF were based on the money heist theme. Hence all the challenge description or context will be referring to money heist. Challenge 1 - The…
The post is a walkthrough on how to configure ssl on linux instances. This can also be helpful when exploiting CORS.
The post disccuss around the basics of OAUTH and how to hunt for OAUTH vulnerabilities like leaking tokens, abusing redirect URI, absense of state parameter.
The post covers various techniques by which sensitive data can be exfilterated using out of band interaction in XXE