[ ~/archive/writeups ]

A collection of my security research, covering both red team vulnerability exploitation and blue team defensive analysis.

[ 2026-01-10 ]

Cross-Site Scripting Analysis

Web Security XSS DVWA

From injection to real impact. Explored Reflected, Stored, and DOM vulnerabilities, session exposure, and mitigations like CSP and HttpOnly cookies.

[ 2026-02-08 ]

SQL Injection Analysis

Web Security SQLi DVWA

From Error-Based to Blind Exploitation. Analyzed vulnerability root causes and bypassed logic using Boolean, UNION-based, and Time-Based payloads.

[ 2026-02-15 ]

THM: Biblioteca CTF

CTF SQLi PrivEsc

End-to-end compromise of a Linux machine. Exploited an authentication bypass via SQLi, performed lateral movement, and achieved root via Python library hijacking using sudo SETENV.

[ 2026-02-20 ]

THM: Valenfind CTF

CTF LFI Web

Exploited a Local File Inclusion (LFI) vulnerability discovered through exposed developer comments. Bypassed null-byte restrictions to extract the Flask source code, revealing a hardcoded Admin API key used to dump the SQLite database.

[ 2026-03-07 ]

Alert Triage — Nmap Network Scan Detection

SOC Analysis Splunk Windows Logs

Investigated suspicious network traffic to detect and triage unauthorized Nmap scanning activity. Analyzed log data to identify stealth scan signatures (SYN, UDP) and documented IOCs for defensive rule creation.
