Posts

Getting Started With Hardware Hacking - Tools

Kickstart your hardware hacking journey by learning the basics of electronics, essential tools, and key components such as PCBs, breadboards, soldering irons, and the Flipper Zero. Stay tuned for foundational concepts!

Hardware Hacking - Bridging the Cybersecurity Gap

Explore the world of Hardware Hacking in this beginner-friendly series, sharing valuable insights and knowledge for those intrigued by the convergence of technology and security.

Navigating the Regex Maze with Ease - ReGen

ReGen simplifies regex creation by letting users generate patterns from logs or text with minimal effort. Inspired by Burp Suite's Grep & Extract, it streamlines digital forensics, attack, defense, and validation tasks. Contribute to its development on GitHub!

Episode 148: Sushant Pradhan Podcast x Nirmal Dahal

Joined Sushant Pradhan Podcast for an engaging discussion on Ethical Hacking! We explored cybersecurity, hacking insights, and real-world experiences. Watch the full episode to dive into the conversation.

Nepali Girl - Trojan Analysis

Nepali Girl is an Android trojan spreading via WhatsApp in Nepal, stealing sensitive user data through accessibility abuse. Our analysis reveals phishing capabilities and self-granting permissions. Learn how to protect yourself and remove the threat. Read the full report!

MEGA's Unlimited Cloud Storage Vulnerability

This article is about a vulnerability that I discovered in MEGA, one of the large cloud storage providers that you may have heard of, used, or are using right now.

Leveraging the SQL Injection to Execute the XSS by Evading CSP

Discover how SQL Injection was leveraged to execute XSS by evading Content Security Policy (CSP). Learn how misconfigurations can lead to security bypasses and web application exploitation.

XSS is Love

Discovered an XSS vulnerability that allowed remote JavaScript execution, CSRF bypass, and credential theft, then chained multiple vulnerabilities into a full account takeover. Watch the video for a simulated attack demo!

R-XSS Leading CSRF Bypass to Account Takeover

Discovered a Reflected XSS vulnerability that enabled CSRF token theft, leading to a full account takeover. This research highlights the risks of improper CSRF protection and how attackers can exploit R-XSS for unauthorized password changes.

XSS on Samy Pl

Discovered an XSS vulnerability on Samy Kamkar's website by exploiting a JSONP endpoint. Reported and fixed within a day. Even top security researchers' sites can have flaws; security is an ongoing process!

LFI to 10 Servers Pwn

Explore how a Local File Inclusion (LFI) vulnerability led to SSH private key extraction, server access, and the compromise of 10 application servers. A deep dive into real-world web application exploitation.

CVE-2021-3258 | S-XSS to Defacement & Account Takeover [Q2A Themes]

Discover how a Stored XSS vulnerability in the Q2A Ultimate SEO plugin (CVE-2021-3258) led to website defacement and admin account takeover.

Facebook [SVG Locky Ransomware] Analysis

An in-depth analysis of the SVG Locky ransomware campaign that spread via Facebook, uncovering how malicious SVG files delivered malware through deceptive YouTube-like pages and browser extensions.

Bypassing eBay XSS Protection

Explore a real-world proof of concept for Reflected Cross-Site Scripting (R-XSS) on eBay, discovered in 2016. Learn how input handling flaws can lead to security vulnerabilities.
