119 articles
Complete review of INE Security's eWPTXv2 certification: advanced web pentesting course, bypass techniques, challenging exam, and my experience obtaining the certification.
Learn how to execute XSS by hosting malicious payloads in different types of DNS records such as MX, NS, CNAME, and TXT.
Complete review of TCM Security's PNPT certification: practical pentesting course, Active Directory, realistic 5-day exam, and my experience obtaining the certification.
Learn how to exploit a CSRF vulnerability without defenses in PortSwigger Lab. Step-by-step guide to create a malicious HTML page that changes the victim's email through Cross-Site Request Forgery.
Learn how the Cross-site Request Forgery (CSRF) attack works, its conditions, practical exploitation examples, and main defenses like CSRF tokens and the SameSite attribute.
Complete review of Altered Security's CRTP certification: course content, Active Directory labs, hands-on exam, and my experience as a Certified Red Team Professional.
Detailed explanation of Cross-Origin Resource Sharing (CORS), its HTTP headers, functionality, and potential configuration vulnerabilities in web applications.
Learn how to exploit stored XSS vulnerabilities to steal session cookies and perform Session Hijacking in this PortSwigger lab.
Learn how to exploit stored DOM XSS vulnerabilities in the comments functionality and how to bypass JavaScript's replace() method.
If you like the content and want to support the project, you can buy me a coffee. Your support helps keep the site active and create more quality content.
Buy me a coffeeThanks for your support 🙏