Cyber Security Blogs

PortSwigger- Blind-Based SQL Injection- I

In this blog, we will understand one of the most identifiable and difficult types of SQL Injection vulnerability. It is Blind SQL Injection. We will learn about the same using PortSwigger platform. Let’s begin the blog and understand the meaning of blind SQL injection vulnerability. Blind SQL injection vulnerabilities are those where we send a malicious SQL query to the server but we don’t receive any direct output in the response.

PortSwigger- Blind-Based SQL Injection- I Read More »

Examining the database using Union based SQL injection on PortSwigger

PortSwigger- Examining the Database using Union-based SQL Injection

Write-ups, PortSwigger

Hello folks, This blog will be based on Examining the Database using Union-based SQL Injection vulnerabilities. We will understand how we can get the database version and information related to tables and columns present in the database. We will explore the same on the PortSwigger platform. We have discussed the basics of Union-based SQL injection

PortSwigger- Examining the Database using Union-based SQL Injection Read More »

Union based SQL Injection on Portswigger

PortSwigger- Union-Based SQL Injection

Write-ups, PortSwigger

This blog delves into SQL Injection, a highly significant vulnerability. We’ll explore various types of SQL Injection and learn how to detect and leverage them through diverse methodologies. Specifically, we’ll focus on Union-based SQL injection utilizing the PortSwigger platform, renowned for its top-notch resources addressing web application vulnerabilities.

PortSwigger- Union-Based SQL Injection Read More »

TryHackMe- Clocky

Write-ups, TryHackMe

This blog offers a step-by-step guide for navigating through the recently introduced machine, “Clocky,” on TryHackMe. Classified as a Medium-level challenge, it aims to familiarize you with the process of detecting misconfigurations on Linux-based web servers using an array of penetration testing tools and methods. Let’s dive in promptly and commence the penetration procedure.

TryHackMe- Clocky Read More »

Broken Access Control advanced Portswigger

PortSwigger- Broken Access Control | Advanced

Write-ups, PortSwigger

This blog delves into the advanced realm of Broken Access Control vulnerability, emphasizing Insecure Direct Object References and Multi-step processes lacking access control in a single step. Both vulnerabilities will undergo comprehensive examination through practical labs.

PortSwigger- Broken Access Control | Advanced Read More »

PortSwigger- Broken Access Control | Horizontal Privilege Escalation

Write-ups, PortSwigger

This blog delves into the recognition and utilization of “Horizontal Privilege Escalation,” a form of Broken Access Control vulnerability. Horizontal access controls are systems designed to limit access to resources to particular users. Through horizontal access controls, diverse users gain access to a subset of resources of a similar kind. If you’re interested in learning more about Broken Access Control, including another type known as vertical privilege escalation, check out our previous blog post titled “Vertical Access Control.”

PortSwigger- Broken Access Control | Horizontal Privilege Escalation Read More »

PortSwigger- Broken Access Control | Vertical Privilege Escalation

Write-ups, PortSwigger

Hello folks, This blog focuses on the identification and exploitation of Broken Access Control vulnerability. We will be providing a detailed walkthrough of PortSwigger’s labs which you can access on the PortSwigger. We will be providing a detailed writeup covering this vulnerability in three categories. So in this blog, we will be covering the first

PortSwigger- Broken Access Control | Vertical Privilege Escalation Read More »

HackTheBox- Headless

Write-ups, HackTheBox

Explore the ‘Headless’ machine challenge on HackTheBox, ideal for beginners eager to hone Linux system penetration skills. Gain valuable experience and assessment in conducting penetration tests on Linux servers. Dive into this beginner-friendly challenge for a rewarding learning journey.

HackTheBox- Headless Read More »

Certified Ethical Hacker (CEHv12) Practical Exam

Generic

Get expert insights on navigating the Certified Ethical Hacker (CEHv12) Practical exam efficiently. Discover essential tools, techniques, and strategies tailored for success. Our comprehensive explanations ensure clarity on every aspect, eliminating the need for additional resources. Master the exam with confidence.

Certified Ethical Hacker (CEHv12) Practical Exam Read More »

PortSwigger- Advanced DOM-based XSS

Write-ups, PortSwigger

This blog explores how to detect and take advantage of DOM-based Cross-site Scripting (XSS) vulnerabilities found in websites that utilize third-party dependencies. It also analyzes these vulnerabilities in relation to reflected and stored XSS scenarios. Practical exercises will be carried out using the PortSwigger platform.

PortSwigger- Advanced DOM-based XSS Read More »