An easy level of #nebula for today's post. Exploiting a basic OS command injection via Lua binary.
#exploitdev
https://telegra.ph/Nebula---12-11-24

A basic example of the SQL injection in another blogpost about #web exploitation.
https://telegra.ph/SQL-injection-vulnerability-in-WHERE-clause-allowing-retrieval-of-hidden-data-11-25

By the way! It's just 8 Euros due to Black Friday right now.

Hello hackers,
It is CyberMonday, so today and only today you can get all my writeups for FREE!
Hurry up, tomorrow the price will return to the original $0!

Continuing to drill into the #Web Security Academy. Another blog post about SQL injections:
https://telegra.ph/SQL-injection-vulnerability-allowing-login-bypass-11-29

This year's Humble Hacking Bundle is here! It's getting better in better every year, I like that.
Check it out, some dang good #books about hacking
https://www.humblebundle.com/books/hacking-by-no-starch-press-books

December is here! What does it mean? Christmas and the new year are coming!
I had an idea to do some sort of hacking advent calendar, maybe a bit similar to THM's Advent of Cyber. Maybe not.
The Idea is to do some challenges every day from December 1st right until Christmas. Or maybe share some goodies with you!
It is going to be fun, that's for sure!

For the second day of the #adventofhacking I'd like to bring up the basic example of the Reflected XSS vulnerability from #Web Security Academy.
https://telegra.ph/Reflected-XSS-into-HTML-context-with-nothing-encoded-12-02

For the 3rd day of the #adventofhacking I'd like to talk about basic example of the Stored XSS, as scratched the surface of explaining the XSS vulnerability in general.
#web
https://telegra.ph/Stored-XSS-into-HTML-context-with-nothing-encoded-12-02

An example of DOM XSS from #Web Security Academy on today's plate.
Happy #adventofhacking everyone!
https://telegra.ph/DOM-XSS-in-documentwrite-sink-using-source-locationsearch-12-02

A good day for some #binaryexploitation challenge, isn't it? Well, any day is a good one during the #adventofhacking!
In this level of #nebula we will debug a simple program with GDB to reveal the access token.
https://telegra.ph/Nebula---13-12-06

PortSwigger released the new category of challenges in their #Web Security Academy - file upload.
Let's hook in in today's #adventofhacking article:
https://telegra.ph/Remote-code-execution-via-web-shell-upload-12-08

https://xkcd.com/2347/
Relevant as never before…
#memes

That's it! That's the end of #adventofhacking series.
I hope you liked it, and maybe learned a thing or two.
Happy Holidays, local nodes! I wish you all the best!
See you all in new year!

Hello hackers,
I didn’t mean to do another post on holidays, but the end of the year is a perfect occasion to evaluate and celebrate even such a small win.

I’m a strong believer that people don’t care about other people goals and resolutions for the new year, but I can assure you there will be more cool and original content here in the future. So with this 101st post I’d like to thank all of you for being a part of that small community! It wouldn’t be possible without you, who could learn something from those posts. I hope you find this channel helpful. If you do, you can share some of the books (that are there for now), or a write-up to someone who could be interested in such stuff, so I will be more motivated to bake some more content.

I wish you all the best in the upcoming new year, and happy holidays!

Hello fellas,
January turned out to be a busy month for me, so it's been quiet here.
Plus, I got sidetracked with this Malware Analysis course.
Smash the fire emoji on that post if you want a review!
It's a great course

My next post will be about fuzzing anyway, as I’m preparing metering for a talk on a local meetup. Those are good resources to begin with:

101 fuzzing. Thank you, bublik community! List will be updated.

[Academic articles]
link: https://github.com/0xricksanchez/paper_collection

[Conversations]
link: https://youtu.be/zDXyH8HxTwg
link: https://youtu.be/YV3jewkUJ54

[tutorials & workshops]
(@HackingForRamen contribution)
link: https://fuzzing.in/
link: https://github.com/antonio-morales/Fuzzing101
link: https://github.com/google/fuzzing

[afl internals]
link: https://afl-1.readthedocs.io/en/latest/
#fuzzing