Strap in and get prepared for takeoff! The Aviator game on Spinmatch isn’t just a game; it’s a thrilling experience. One minute you're on cloud 9, and the next, you're regretting not cashing out. But don’t worry. That happens to all people at some t...
Introduction Today, I'm sharing my hands-on adventure through a real-world lab from PortSwigger's Web Security Academy, where I successfully exploited a Path Traversal vulnerability to read the sensitive /etc/passwd file. If you've ever wondered how ...
Zero Day The very first step in a journey of a thousand hacks begins here. 🔥✨ 👋 Hello and welcome to Zero Day — the launchpad where I, Xoryush, begin my mission to master cybersecurity, one bug at a time. 🐛💻 This blog is my public notebook 📓, ...
I haven’t blogged in over a year. Not because I had nothing to write - I just didn’t publish. Most of my time went into security cert prep, especially BSCP. Nearly every security nerd has heard of or used Burp Suite in their life. Its creator PortSwigger...
Introduction As part of my journey into web application penetration testing, I completed all the Cross-Site Scripting (XSS) labs from PortSwigger’s Web Security Academy. These labs covered basic to advanced XSS vulnerabilities, and I learned how att...
Hey guys ✌🏻, I share my self-study journey in Web Security here, hoping these notes provide something useful for both newcomers and experienced folks. Summary In my third year studying Information Security, I realized that what we learn in class is ...
April 08, 2025 my week-long Burp Suite study brought me to the Repeater tab—a tool that’s all about manual control and precision in web security testing. Using my custom VulnHub app, a Flask-based vulnerable web app running in Docker, I explored how...
In this article, we’ll cover Certificate mismanagement - Even if we're mismanaged, there'll be no sad faces on SOC-mas! write-up as the Day 14 challenge of the Advent of Cyber event challenge. It involved using PortSwigger’s Burp Suite to take advant...
In this article, we’ll cover the XXE - SOC-mas XX-what-ee? write-up as the Day 5 challenge of the Advent of Cyber event challenge. It was interesting to navigate Web Security for an e-commerce gifting site using PortSwigger’s XML external entity (XXE...
Lab Scenario: Our objective is to understand and exploit a web application's broken brute-force protection, where the login credentials are submitted in JSON format. By manipulating the request to submit multiple credentials, we aim to bypass the pro...