Blog

Bypassing SSL Pinning in Android Applications Using Frida

In today’s mobile security landscape, SSL pinning is a common technique used to protect the integrity of HTTPS connections in Android applications. However, for penetration testers and security researchers, it’s often necessary to bypass SSL pinning to analyze

Apache Tomcat Server - Deserialization of Untrusted Data RCE

Introduction Apache Tomcat is a widely-used open-source implementation of Java technologies, including Java Servlet, JavaServer Pages (JSP), Java Expression Language, and WebSocket. In this post, we'll delve into a critical vulnerability found in Apache Tomcat

Windows Service Privilege Escalation

Introduction In today’s tutorial, we’ll walk through a Windows privilege escalation technique that leverages insecure service permissions. This method is particularly useful when you’ve already exploited a vulnerability on a Windows machine using a publicly av

Auth Bypass with PHP Type Juggling

Auth Bypass with PHP Type Juggling In this post, we will learn how to bypass authentication using PHP type juggling. Introduction PHP type juggling refers to the automatic conversion of data types during comparison operations. PHP offers two modes of compariso

Abusing SeLoadDriverPrivilege for Privilege Escalation

Abusing SeLoadDriverPrivilege for Privilege Escalation In the complex world of Windows security, understanding the permissions and privileges granted to various services and user accounts is crucial. One such privilege, SeLoadDriverPrivilege, plays a significa

Spawning a TTY Shell

Spawning a TTY Shell – Break out of Jail or limited shell A TTY shell is a shell that is connected to a TTY device. It is a terminal that allows you to interact with the system. When you have a limited shell, you can spawn a TTY shell to break out of the restr