Home
About me:
Pentester || Ex-cybersecurity Trainer || Open-source lover || KISS
Certificates:
CEH - Certified Ethical Hacker
CAP - Certified AppSec Practitioner
CNSP - Certified Network Security Practitioner
eWPT - Web Application Penetration Tester
CRTA - Certified Red Team Analyst
Certificates in progress:
eWPTX - Web Application Penetration Tester eXtreme
MCRTA - Multi-Cloud Red Team Analyst
ADRTS - Certified Active Directory Red Team Specialist
Next certificate:
eCPPT - Certified Professional Penetration Tester
Hands-on Hacking Labs:
HackTheBox
TryHackMe
Web Security Academy
HackMyVM
Proving Grounds
Writeups (23122025):
HTB: 56
MCRTA: 2
PG_Play: 49
PG_Practice: 118
Port_Swigger: 104
THM: 6
Total of 335 writeups
Last added writeups (last 14 days):
Port_Swigger_Exploiting XXE to perform SSRF attacks
Port_Swigger_Unprotected admin functionality
Port_Swigger_Accessing private GraphQL posts
Port_Swigger_Detecting NoSQL injection
Port_Swigger_Authentication bypass via OAuth implicit flow
Port_Swigger_Forced OAuth profile linking
Port_Swigger_Information disclosure on debug page
Port_Swigger_Insecure direct object references
Port_Swigger_Excessive trust in client-side controls
Port_Swigger_Modifying serialized data types
Port_Swigger_Exploiting NoSQL injection to extract data
Port_Swigger_Modifying serialized objects
Port_Swigger_Information disclosure in version control history
Port_Swigger_Authentication bypass via information disclosure
Port_Swigger_Basic server-side template injection
Port_Swigger_Using application functionality to exploit insecure deserialization
Port_Swigger_JWT authentication bypass via unverified signature
Port_Swigger_Information disclosure in error messages
Port_Swigger_Exploiting NoSQL operator injection to bypass authentication
Port_Swigger_Manipulating WebSocket messages to exploit vulnerabilities
Port_Swigger_Basic server-side template injection (code context)
Port_Swigger_Unprotected admin functionality with unpredictable URL
Port_Swigger_User role can be modified in user profile
Port_Swigger_Source code disclosure via backup files
Port_Swigger_Manipulating the WebSocket handshake to exploit vulnerabilities
Port_Swigger_Exploiting XXE using external entities to retrieve files
Port_Swigger_User role controlled by request parameter
Port_Swigger_JWT authentication bypass via flawed signature verification
Contact:
mail: firstname(at)domain