Kacper SzurekTagsPolishNewsletterAbout
YouTubeWebinaryFacebookTwitter
Kacper Szurek
TagsPolishNewsletterAboutYouTubeWebinaryFacebookTwitter
Kallithea - exploit git clone functionality

From 0 to pentesting hero

Kallithea - exploit git clone functionality

4 little bugs in the Kallithea software that make it possible to access someone else's data.

17-02-2020

3 MIN READ

PHP PHAR - file_exists can be dangerous

From 0 to pentesting hero

PHP PHAR - file_exists can be dangerous

file_exists - a function that checks if a file with the given name exists on the hard drive. Could such a simple functionality be harmful?

10-02-2020

3 MIN READ

How to login into multiple SSH servers

From 0 to pentesting hero

How to login into multiple SSH servers

Do you work with a lot of linux servers? Do you log in to each of them using your ssh key? On the one hand, you would like to change it more often, but on the other, the overwhelming amount of work associated with changing certificates on many servers discourages you? In today's episode of 'from 0 to pentesting hero', we will take a look at how Netflix solved this problem.

04-02-2020

3 MIN READ

Spring Boot Actuator - security point of view

From 0 to pentesting hero

Spring Boot Actuator - security point of view

Spring Boot Actuator is a tool that allows us to monitor our application built with spring. We can quickly measure various metrics and monitor traffic on our server or check the status of our database. All this thanks to simple rest endpoints.

28-01-2020

2 MIN READ

BURP - Intruder

From 0 to pentesting hero

BURP - Intruder

You want to check which of them belong to the administrators and which are the accounts of ordinary users. Unfortunately, the account type is displayed on a different subpage than the one returned by the server after logging in.

21-01-2020

3 MIN READ

XSS Polyglot

From 0 to pentesting hero

XSS Polyglot

A polyglot is a person who speaks many languages. But the term matters also in contex of security issues.

08-08-2019

4 MIN READ

postMessage

From 0 to pentesting hero

postMessage

A functionality that allows you to exchange data between different domains.

30-07-2019

2 MIN READ

Cross-Site Websocket Hijacking

From 0 to pentesting hero

Cross-Site Websocket Hijacking

Not so long ago, to make website's content appear in real time it had to be kind of simulated. For example from the level of JavaScript - by sending a request to the server every few seconds and downloading the latest content.

24-07-2019

4 MIN READ

© 2022 Kacper Szurek
Disclosure Policy
YouTube
Facebook
Twitter