Rogue AP using hostapd-wpe - Attacks on WPA Enterprise Networks
Learn how to perform Rogue AP attacks against WPA Enterprise networks using hostapd-wpe to capture user credentials.
May 2, 2022 Eric Labrador
All Posts
127 articles
DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded – PortSwigger Write Up
Learn how to exploit a DOM XSS in AngularJS expressions in PortSwigger Lab. Step-by-step guide to execute JavaScript through Angular expressions when angle brackets and double quotes are HTML-encoded.
Apr 5, 2022 Juan Antonio González Mena
How to Get Started in Bug Bounty
Complete guide to getting started in the bug bounty world, including platforms, tools, VPS, methodology, and tips for finding vulnerabilities.
Apr 1, 2022 Eric Labrador
DOM XSS in document.write sink using source location.search inside a select element – PortSwigger Write Up
Learn how to exploit DOM XSS in document.write by escaping from a select element and executing arbitrary JavaScript code.
Mar 31, 2022 Juan Antonio González Mena
Reflected XSS into a JavaScript string with angle brackets HTML encoded – PortSwigger Write Up
Learn how to exploit a Reflected XSS inside a JavaScript string in PortSwigger Lab. Step-by-step guide to escape from a string and execute JavaScript code when angle brackets are HTML-encoded.
Mar 30, 2022 Juan Antonio González Mena
Stored XSS into anchor href attribute with double quotes HTML-encoded – PortSwigger Write Up
Learn how to exploit a Stored XSS in the href attribute of an anchor in PortSwigger Lab. Step-by-step guide to execute JavaScript when clicking on the comment author's name when double quotes are HTML-encoded.
Mar 29, 2022 Juan Antonio González Mena
How the Clickjacking Attack Works
Explanation of the Clickjacking attack (UI redressing), how it works through invisible iframes to trick users into performing unauthorized actions, and how to protect against it using X-Frame-Options and Content Security Policy.
Mar 28, 2022 Juan Antonio González Mena
eWPT Review - eLearnSecurity Web Application Penetration Tester 2022
Complete review of INE Security's eWPT certification: web pentesting course, OWASP vulnerabilities, hands-on exam, and my experience as a Web Penetration Tester.
Mar 11, 2022 Juan Antonio González Mena
Reflected XSS into attribute with angle brackets HTML-encoded – PortSwigger Write Up
Learn how to exploit a Reflected XSS in an HTML attribute in PortSwigger Lab. Step-by-step guide to inject a malicious attribute that executes JavaScript when angle brackets are HTML-encoded.
Mar 10, 2022 Juan Antonio González Mena