Reflected DOM XSS – PortSwigger Write Up
Learn how to exploit a Reflected DOM XSS vulnerability in PortSwigger Lab. Step-by-step guide to identify and exploit an insecure script that processes reflected data in the DOM in a vulnerable way.
119 articles
Learn how to perform Rogue AP attacks against WPA Enterprise networks using hostapd-wpe to capture user credentials.
Learn how to exploit a DOM XSS in AngularJS expressions in PortSwigger Lab. Step-by-step guide to execute JavaScript through Angular expressions when angle brackets and double quotes are HTML-encoded.
Complete guide to getting started in the bug bounty world, including platforms, tools, VPS, methodology, and tips for finding vulnerabilities.
Learn how to exploit DOM XSS in document.write by escaping from a select element and executing arbitrary JavaScript code.
Learn how to exploit a Reflected XSS inside a JavaScript string in PortSwigger Lab. Step-by-step guide to escape from a string and execute JavaScript code when angle brackets are HTML-encoded.
Learn how to exploit a Stored XSS in the href attribute of an anchor in PortSwigger Lab. Step-by-step guide to execute JavaScript when clicking on the comment author's name when double quotes are HTML-encoded.
Explanation of the Clickjacking attack (UI redressing), how it works through invisible iframes to trick users into performing unauthorized actions, and how to protect against it using X-Frame-Options and Content Security Policy.
Complete review of INE Security's eWPT certification: web pentesting course, OWASP vulnerabilities, hands-on exam, and my experience as a Web Penetration Tester.