Information Security / OWASP top 10 / Web application

Exploiting Cache: 20 Headers That Makes your Web App vulnerable to Cache Poisoning

In the fast-moving world of web applications, caching plays a pivotal role in ensuring quick and efficient content delivery. However, as with most technologies, it comes with its own set of vulnerabilities. One of the most insidious threats in this realm is cache poisoning. This subtle yet powerful attack can manipulate what users see, disrupt functionality, and lead to severe security and…

0 Comments

September 18, 2024

Information Security

The informative findings: What Not to Submit on Bug Bounty Platforms

Bug bounty programs have revolutionized the world of cybersecurity, enabling organizations to tap into the collective expertise of security researchers worldwide. As security researchers diligently identify and report vulnerabilities, they eagerly await the outcomes of their submissions. While many reports receive the coveted “resolved” status or a generous bounty, some find themselves closed out as “informative.” In this blog, we will explore…

1 Comment

September 16, 2024

Conference / Information Security

My First Nullcon as a Speaker!

- [ ] Deliver a talk at Nullcon Are you wondering what this is? This was one of the to-dos I defined for myself in the new year's resolutions! Well new year's resolutions are something that just motivates us till end of Jan! However, this time I managed to get it done❤️ Nullcon 2022 was my 2nd Nullcon and 1st time as…

0 Comments

September 14, 2022

Conference / CTF / Information Security

Winja CTF @ Nullcon Goa 2022 – Osint Challenges Writeup

This post contains the OSINT challenges created as part of Winja CTF, Nullcon Goa 2022.

0 Comments

September 13, 2022

CTF / Information Security

Winja CTF – Web Challenges Solutions – Nullcon Goa 2022

This post contains the web challenges created by me in winja ctf 2022.

0 Comments

September 12, 2022

Conference / Information Security

Raining CVEs on WordPress Plugin via Semgrep – Nullcon Goa 2022 Slide deck

This post is contains the talk slides and the demo videos that we presented in Nullcon Goa 2022.

0 Comments

September 12, 2022

Cloud / CTF / Information Security

Winja CTF – Nullcon Berlin Edition – Solutions

Hey there!!! This post is all about the solutions to the CTF challenges I created for Winja CTF - berlin edition. The category for the challenges is Cloud. If you are not aware, the challenges for this CTF were based on the money heist theme. Hence all the challenge description or context will be referring to money heist. Challenge 1 - The…

0 Comments

May 6, 2022

linux / Web application

How to configure SSL on EC2 instance for free

The post is a walkthrough on how to configure ssl on linux instances. This can also be helpful when exploiting CORS.

0 Comments

December 7, 2021

Information Security / OWASP top 10 / Web application

Here is how to hunt for OAUTH vulnerabilities

The post disccuss around the basics of OAUTH and how to hunt for OAUTH vulnerabilities like leaking tokens, abusing redirect URI, absense of state parameter.

0 Comments

July 7, 2021

Information Security / OWASP top 10 / Web application

Blind XXE attacks – Out of band interaction Techniques (OAST) to exfilterate data

The post covers various techniques by which sensitive data can be exfilterated using out of band interaction in XXE

1 Comment

April 24, 2021

Information Security / OWASP top 10 / Web application

XXE Simplified: The concept, Attacks and Mitigations

XXE remains amongst the one with a critical score on the severity perspective. Why? Being able to read server's sensitive files is where the victim can be fully compromised.

0 Comments

April 14, 2021

Cloud / Information Security

The docker cheatsheet: Doing things the docker way

Docker can never replace a VM but it has got its own special benefits. know more about the docker features

2 Comments

March 20, 2021

CTF / Information Security / Uncategorized

WinjaCtf 2021 solutions

Hey everyone! This blog post covers writeups of the challenges that were created by me as part of WinjaCTF 2021. WinjaCTF is an initiative by Nullcon and it organises CTF annually. Read about my experience at first nullcon here The challenges created by me were : pieceofpie, junk, art gallery, find me, binarybits, Redeem me. I will be giving a detailed writeup…

1 Comment

March 12, 2021

Cloud / Information Security

My experience with Nullcon Training – Hacking and Securing Kubernetes clusters by Madhu

It was my first Nullcon Training and It was a super-amazing experience. In the blog, I have mentioned about the happenings of all the 4 days. Do check it out.

0 Comments

March 4, 2021

HackTheBox / Information Security / linux / python

Doctor hackthebox walkthrough

Doctor is an easy linux machine from hackthebox. The initial foothold exploits SSTI/XSS and with splunkd you get the privilege escalation

0 Comments

January 12, 2021