Home

About me:

Pentester || Cybersecurity Trainer || OpenSource lovers || KISS

Certificates:

CEH - Certified Ethical Hacker
CAP - Certified AppSec Practitioner
CNSP - Certified Network Security Practitioner
eWPT - Web Application Penetration Tester
CRTA - Certified Red Team Analyst

Certificates in progress:

CAPen - Certified AppSec Pentester
MCRTA - Multi-Cloud Red Team Analyst

Badge:

Writeups (25082025):

HTB: 56
MCRTA: 2
PG_Play: 49
PG_Practice: 118
Port_Swigger: 52
THM: 6
List of all (283) writeups

Last added writeups (last 14 days):
Port_Swigger_Stored XSS into anchor href attribute with double quotes HTML-encoded
Port_Swigger_Blind OS command injection with out-of-band interaction
Port_Swigger_DOM XSS in jQuery selector sink using a hashchange event
Port_Swigger_Reflected XSS into HTML context with most tags and attributes blocked
Port_Swigger_Blind OS command injection with output redirection
Port_Swigger_Reflected DOM XSS
Port_Swigger_Stored DOM XSS
Port_Swigger_Reflected XSS into a JavaScript string with angle brackets HTML encoded
Port_Swigger_DOM XSS in AngularJS expression with angle brackets and double quotes HTML-encoded
Port_Swigger_OS command injection, simple case
Port_Swigger_Reflected XSS into attribute with angle brackets HTML-encoded
Port_Swigger_DOM XSS in document.write sink using source location.search inside a select element
Port_Swigger_Blind OS command injection with time delays
Port_Swigger_Reflected XSS into HTML context with all tags blocked except custom ones
Port_Swigger_Reflected XSS with some SVG markup allowed

Contact:

mail: firstname(at)domain