Bypassing HSTS restriction to enable usage of Burpsuite on Firefox

Often pentesters come across websites that are protected by HSTS where using burpsuite as a proxy causes the application to not load on the browser at all throwing an error as below.   One of the given solutions is to… Continue Reading

[VulnHub] 64Base Boot2Root

Hi guys back again with another walkthrough, i successfully managed to crack [VulnHub] 64Base Boot2Root so lets head on and see how the CTF is played. [VulnHub] 64Base Boot2Root Introduction to the machine and the owner: This is my very… Continue Reading

Vulnhub – Skydog 2016 Walkthrough

Vulnhub Walkthrough – Skycon – Catch me if you can The Vulnerable machine can be downloaded from here: https://www.vulnhub.com/entry/skydog-2016-catch-me-if-you-can,166/ Lets have an understanding of the hints given to us . SkyDog Con CTF 2016 – Catch Me If You Can… Continue Reading

Vulnhub Hack-a-Day Albania

Vulnhub HackDay: Albania Walkthrough for Hackday Albania ,  the vulnerable image can be downloaded from vulnhub : – https://www.vulnhub.com/entry/hackday-albania,167/ The image is hosted on the Virtual Box with VirtualBox Host-Only Adapter. Walkthrough:- We will begin with the reconnaissance phase. Fire… Continue Reading

0day discovery System level access by Privilege Escalation of Huawei manufactured Airtel & Photon Dongles

  A few months back i found a vulnerability in Huawei Manufactured dongles that were run by Airtel and Photon datacards below is the detail for the same. Huawei Unified Terminal PC suite (UTPS), also known as Mobile Partner, runs… Continue Reading

Presentation on Windows Privilege Escalation at Null Delhi

Recently I gave a presentation on Windows Privilege Escalation Tips and Tricks. Here is a slideshare . Click here Cheers.

Msfvenom Cheat Sheet

For those who are new to msfvenom , please have a look at the Wiki : Here A quick custom cheatsheet for creating payloads using msfvenom. Major chunk of work happens around these payloads.For more info refer: (Note: RHOST is… Continue Reading

Linux Privilege Escalation Cheat Sheet

The same has been taken from one of the github repos and pentestmonkey. pentestmonkey is a very informative check it out. Here is a Linux Priv Esc Cheat Sheet. // Determine linux distribution and version cat /etc/issue cat /etc/*-release cat… Continue Reading

Vulnerable Web Application for Testing

Testers always wanted a ground to learn and prosper with their testing methodologies, but there was always a problem as to how and where to test or learn. Following are a list of Vulnerable web applications and Mobile applications that… Continue Reading

Must follow Security Podcasts

Podcasts are a great thing to improve your awareness of what’s happening currently in the market, here are a few podcasts from the security perspective that one should follow. Before i mention the list of Podcasts, I recommend that you… Continue Reading