Jonathan Armas
Bypassing SQLi filters manually
SQL injection can be one of the most dangerous vulnerabilities. Here we will see how to bypass certain controls that developers put in their code.
Jonathan Armas
Attacking a web server using SSRF
Here we will see what a Server Side Request Forgery is, how hackers can exploit it, and what are the best ways to protect against this attack.
Jonathan Armas
Searching for credentials in a repository
As everyone knows in our context, production credentials should be protected. In this post, we explain how to extract old credentials and how to protect them.
Jonathan Armas
Attacking a network using Responder
Windows hosts use LLMNR and NBT-NS for name resolution on the local network. These protocols do not verify addresses, and here we detail how to exploit this.
Jonathan Armas
The meaning of Try Harder
The OSCP exam is one of the hardest certifications out there for pentesters. Here we show you how you can prepare yourself to do your best on it.
Jonathan Armas
Intercept applications in newer Android phones
Android is one of the most suitable targets for hackers. Here we show how to intercept Android apps' web traffic by installing a self-signed certificate.
Jonathan Armas
Attacking a DC using kerberoast
Windows Active Directory works using the Kerberos protocol, and in this blog post, we detail how we can exploit its functionality to obtain user hashes.
Jonathan Armas
The weakest link in security is not the technology
Here we want to help you secure your deployments and avoid common mistakes. Infrastructure as code is one of the easiest ways to leverage cloud computing.
Jonathan Armas
How to resolve HTB Bounty
In this article, we present how to exploit a Bounty machine's vulnerabilities and how to gain access as an Administrator and obtain the root flag.
