Posts

All the articles I've posted.

• Advanced Web Hacking & Pivoting Cheatsheet

  22 Dec, 2024

  SSRF, Request Smuggling, Prototype Pollution, WAF bypass, OAuth, SAML, advanced logic flaws and internal pivoting

• Web Exploitation Cheatsheet

  25 Nov, 2024

  SQLi, RCE, LFI/RFI, File Uploads, Deserialization, SSTI, Auth bypass and manual exploitation for HTB, CTFs and real-world pentests

• Web Attack Surface & Enumeration Cheatsheet

  10 Sep, 2024

  Discovery, fingerprinting, content discovery, parameter fuzzing, virtual hosts and technology mapping for HTB, CTFs and real-world pentests

• Password Attacks & Credential Hunting Cheatsheet

  2 Sep, 2023

  Bruteforce, credential harvesting, hash cracking, spraying and password reuse attacks for HTB, CTFs and real-world pentests

• BurpSuite Repeater/Intruder Power Tips

  15 Jun, 2023

  Advanced workflows, payload tricks, bypass techniques and hidden features for HTB, CTFs and real-world web exploitation

• OSINT Capture-The-Flag Cheatsheet

  10 May, 2023

  Fast techniques, tools and workflows for social, metadata, geolocation, infrastructure and digital footprint CTF challenges

• Reverse Shells & Web Shells Cheatsheet

  22 Mar, 2023

  Quick shells for HTB/CTFs: reverse shells, bind shells, web shells, upgrades and fallback techniques