Pinned. Published in InfoSec Write-ups
XS-Leak: Deanonymize Microsoft Skype Users by any 3rd-party website
XS-Leaks — These are a class of vulnerabilities derived from side-channel attacks. Although browsers have security features like SOP, which…
Apr 21, 2023

Pinned. Published in InfoSec Write-ups
How Browser’s Save As Feature might lead to Code Execution (CVE-2022-45415)
A few days ago, while I was exploring browser-based bugs, I read an article on the internet explaining a path traversal vulnerability in…
Jan 14, 2023

Pinned. Published in InfoSec Write-ups
Blind SSRF in Skype (Microsoft)
Server-Side Request Forgery is a vulnerability that allows an attacker to make the server send requests to an attacker-controlled network location/path.
Oct 28, 2022

Pinned. Published in InfoSec Write-ups
Grafana Admin Panel bypass in Google Acquisition (VirusTotal)
I started with the usual subdomain recon of a Google acquisition (VirusTotal). This time I used an online subdomain finder service…
Feb 20, 2021

Published in InfoSec Write-ups
Zoho QEngine: Arbitrary File Read
Zoho QEngine is a test automation software to test your code on various devices & browsers before they get released.
Dec 10, 2024

Published in InfoSec Write-ups
Exposing cybercrime.gov.in Phishing: The Browser-In-The-Browser Scam
Long story short, we have a private WhatsApp/Telegram group which includes renowned infosec people & law enforcement officials from Tamil…
Jul 29, 2024

Published in InfoSec Write-ups
Intro to Debugging Java Web Servers Without Source Code For Security Researchers
Debugging Java web servers in an on-premise environment is crucial for pentesting and source code reviews. It’s possible to easily…
Jul 16, 2024

Published in InfoSec Write-ups
OpManager: CSRF & XS-Leak Chained for Information Disclosure
ManageEngine OpManager is a powerful network monitoring software that provides deep visibility into the performance of your routers…
Apr 18, 2024

Published in InfoSec Write-ups
JSON CSRF in Microsoft Bing Maps Collections
Bing Maps allows users to create a collection and add places to those collections as shown below.
Feb 9, 2024

Published in InfoSec Write-ups
Intro to Fuzzing IoT Protocols using BooFuzz
In this article, let’s learn how to fuzz IoT protocols such as Modbus using boofuzz, an open-source fuzzing framework which can fuzz…
Jan 17, 2024