Home

Takemeon

Here is a small tool that can help make your life a little more easier. Ofter while subdomain enumeration, there is a whole class of subdomains that gets totally ignored when an nxdomain is encountered. But what is nxdomain? NXDOMAIN stands for Non-existing Internet domains. This means that the domain simply doesn’t exist on the internet. We can...

Read more

Race Conditions - Exploring the Possibilities

Background TLDR; Race conditions are not that old. They are very widely available much more than you might think they are. While we do see that they have not made it in the OWASP Top 10, if there were an 11th Position, I think that place would be perfect to rate their severity. While most of the frameworks now a days have inbuilt capability t...

Read more

Absolute Bruteforce with Selenium

Background Bruteforcing is perhaps the most underated attack vector. But comeon, if you notice a website verifying your phone number over 4 digit numeric code, you will atleast try to bruteforce it to see if there is any rate-limiting enabled or not. Some of us may even try to bypass the rate-limiting but that’s not what I am going to talk abou...

Read more

Creating your first buffer-overflow in x64 machines

This is blog post will lay the foundations to buffer-overflow. I recommend you read this blog first before going to the practical session which is followed in another post. Let’s get started with our 1st overflow. I will try to keep things as simple as possible. The first thing we need to do is disable Address Space Layout Randomisation (ASLR ...

Read more

Getting Started with BufferOverflow in x64 machines

This is blog post will lay the foundations to buffer-overflow. I recommend you read this blog first before going to the practical session which is followed in another post. Overview A buffer overflow, or buffer overrun, is an anomaly where a program while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory l...

Read more

How a classical XSS can lead to persistent ATO Vulnerability?

TL;DR (Too long; Do read) Hello Hunters, XSS (Cross Site Scripting) is really one of the most common bugs that we have found atleast once somewhere The thing that is not common is how we report it? Most of the Bug Bounty Programs asses the severity of an issue by considering the worst case impact that a particular POC can demonstrate. For inst...

Read more