HTB — Forgot. A detailed walkthrough for solving Forgot on Hack The Box. The box contains vulnerabilities like host header injection, cache deception, hardcoded credentials and code injection in `s...
Android Pentesting - DeepLinks
One of the most frequently acknowledged vulnerabilities in bug bounty programs for Android and iOS apps is related to DeepLink, which can be exploited remotely. However, it should be noted that att...
HTB - Ambassador
HTB — Ambassador. A detailed walkthrough for solving the Ambassador box on Hack The Box. The box contains vulnerabilities like Arbitrary File Read CVE-2021-43798, weak encryption and Remote Code Executio...
AWS Pentesting - CloudGoat
cloudGoatAWS. Configure the profile: `aws configure --profile <profile-name>`. IAM Privilege Escalation by Rollback. Objective: Enumerate IAM policy versions and roll back to a previous ve...
Android Pentesting - WorkProfile
Agenda: We sometimes do not receive an APK file or Play Store link to perform an Android pentest. It could be necessary for us to install it using an invitation link supplied on the work email. ...
Privilege Escalation - Windows
Initial Enumeration. System Enumeration: `systeminfo`, `systeminfo | findstr /B /C:"OS Name" /C:"OS Version" /C:"System Type"`. Extract Patching: `wmic qfe`, `wmic qfe get Caption,Description...`
iOS Pentesting - SSL Pinning on Flutter
A Flutter application is proxy-unaware, so we cannot redirect its traffic through a Wi-Fi proxy. On Android we can do it with ProxyDroid, but on iOS we need to do it through a VPN. `sudo wget https://...`
Privilege Escalation - Linux
Initial Enumeration. System Enumeration. Enumerate the hostname: `hostname`. Enumerate the kernel info: `uname -a`, `cat /proc/version`, `cat /etc/issue`. Enumerate the arc...
Attacking and Defending AD
Attacking and Defending Active Directory. Domain Enumeration Part 1: The enumeration can be done using native executables and .NET classes: `$ADClass = [System.DirectoryServices.ActiveDirector...`
Nginx Basics
Installation: `sudo apt install -y nginx`. Check the status: `sudo systemctl status nginx`. If active and running, navigate to http://localhost. Nginx Directory: `cd /etc/nginx`. All the config...