Summary : Gatekeeper Corp presents a web application with a login portal vulnerable to SQL Injection Authentication Bypass. The login form fails to properly sanitize user input, allowing an attac...

Summary : In this challenge we are presented with a web application that we first enumerate as a normal user, mapping out its endpoints and functionality. During enumeration we identify two inte...

Summary : In this lab, we start by enumerating the target and discovering that it is running Joomla. Using joomscan, we identify the exact version and find a known unauthenticated information disc...

Web Application Pentesting Methodology : Hey everyone! While preparing for CWES and OSWA, i decided to create a brand new methdology specific to Web Apps only , that i can follow and keep on impro...

Checklist : Linux : Before having access : Do nmap scan . If you dont find a web app , just know the path is an outdated Service . always check versions first , if we find web : Find D...

INE eJPT Cheat Sheet | By Elmehdi LAASSIRI Hello everyone , i recently passed the eJPT cert from INE , and i wanted to make a cheat sheet that can be useful for others who are planning on taking t...

Red Team Simulation: Multi-Stage Delivery, AV Bypass Analysis & Persistence with Havoc C2 : Hello everyone, and welcome to my new blog post on AV bypass research ! Before we begin, I want to c...

Hackazon — Web Application Security Assessment Hello everyone, for some context Hackazon is a web app that is designed to be vulnerable to try and test multiple attack paths on it. I didn’t find t...

Summary : Hunter is a an easy challenge from HackSmater , we’re given a list of usernames that the OSINT team got and we should try to enumerate valid usernames on an enterprise portal , the pr...

Active Directory Enumeration and Attacks : Skill Assessment Part 1 | By Laassiri Elmehdi : Hello Everyone and welcome to this guide on the AD Enumeration and Attack Module on HTB Academy , this ...