Blog
Insights, tutorials, and research on cybersecurity, penetration testing, and security best practices
Bypassing SSL Pinning in Android Applications Using Frida
In today’s mobile security landscape, SSL pinning is a common technique used to protect the integrity of HTTPS connections in Android applications. However, for penetration testers and security researchers, it’s often necessary to bypass SSL pinning to analyze
Udesh
Apache Tomcat Server - Deserialization of Untrusted Data RCE
Introduction Apache Tomcat is a widely-used open-source implementation of Java technologies, including Java Servlet, JavaServer Pages (JSP), Java Expression Language, and WebSocket. In this post, we'll delve into a critical vulnerability found in Apache Tomcat
Udesh
Windows Service Privilege Escalation
Introduction In today’s tutorial, we’ll walk through a Windows privilege escalation technique that leverages insecure service permissions. This method is particularly useful when you’ve already exploited a vulnerability on a Windows machine using a publicly av
Udesh
Auth Bypass with PHP Type Juggling
Auth Bypass with PHP Type Juggling In this post, we will learn how to bypass authentication using PHP type juggling. Introduction PHP type juggling refers to the automatic conversion of data types during comparison operations. PHP offers two modes of compariso
Udesh
Abusing SeLoadDriverPrivilege for Privilege Escalation
Abusing SeLoadDriverPrivilege for Privilege Escalation In the complex world of Windows security, understanding the permissions and privileges granted to various services and user accounts is crucial. One such privilege, SeLoadDriverPrivilege, plays a significa
Udesh
Spawning a TTY Shell
Spawning a TTY Shell – Break out of Jail or limited shell A TTY shell is a shell that is connected to a TTY device. It is a terminal that allows you to interact with the system. When you have a limited shell, you can spawn a TTY shell to break out of the restr
Udesh