Home

About me:

Pentester || Ex-cybersecurity Trainer || OpenSource lover || KISS

Certificates:

CEH - Certified Ethical Hacker
CAP - Certified AppSec Practitioner
CNSP - Certified Network Security Practitioner
eWPT - Web Application Penetration Tester
CRTA - Certified Red Team Analyst

Certificates in progress:

eWPTX - Web Application Penetration Tester eXtreme
MCRTA - Multi-Cloud Red Team Analyst
ADRTS - Certified Active Directory Red Team Specialist

Next certificate:

eCPPT - Certified Professional Penetration Tester

Hands-on Hacking Labs:

HackTheBox
TryHackMe
Web Security Academy
HackMyVM
Proving Grounds

Writeups (26012026):

HTB: 56
MCRTA: 2
PG_Play: 49
PG_Practice: 118
Port_Swigger: 122
THM: 6

Total of 353 writeups

Last added writeups (last 14 days):
Port_Swigger_User ID controlled by request parameter
Port_Swigger_URL-based access control can be circumvented
Port_Swigger_Accidental exposure of private GraphQL fields
Port_Swigger_Inconsistent security controls
Port_Swigger_Exploiting XInclude to retrieve files
Port_Swigger_High-level logic vulnerability
Port_Swigger_Blind XXE with out-of-band interaction via XML parameter entities
Port_Swigger_Flawed enforcement of business rules
Port_Swigger_Exploiting XXE via image file upload
Port_Swigger_Exploiting blind XXE to retrieve data via error messages
Port_Swigger_Exploiting blind XXE to exfiltrate data using a malicious external DTD

Contact:

mail: firstname(at)domain