123 articles
Complete review of OffSec's OSCP certification: legendary pentesting course, PWK labs, 24-hour exam, and my experience obtaining the most recognized certification.
Learn to identify and exploit misconfigurations in Linux Cron Jobs to escalate privileges through weak permissions, PATH, and wildcards.
Complete guide on how the Kerberos protocol works in Active Directory, explaining each step of the authentication process from KRB_AS_REQ to KRB_AP_REQ.
Complete guide on Linux privilege escalation by exploiting incorrect permissions on critical files like /etc/shadow, /etc/passwd, and /etc/sudoers.
Complete review of INE Security's eWPTXv2 certification: advanced web pentesting course, bypass techniques, challenging exam, and my experience obtaining the certification.
Learn how to execute XSS by hosting malicious payloads in different types of DNS records such as MX, NS, CNAME, and TXT.
Complete review of TCM Security's PNPT certification: practical pentesting course, Active Directory, realistic 5-day exam, and my experience obtaining the certification.
Learn how to exploit a CSRF vulnerability without defenses in PortSwigger Lab. Step-by-step guide to create a malicious HTML page that changes the victim's email through Cross-Site Request Forgery.
Learn how the Cross-site Request Forgery (CSRF) attack works, its conditions, practical exploitation examples, and main defenses like CSRF tokens and the SameSite attribute.
If you like the content and want to support the project, you can buy me a coffee. Your support helps keep the site active and create more quality content.
Buy me a coffeeThanks for your support 🙏