Bounty Writeup

How to resolve HTB Bounty

Scanning Phase: First of all, we check the IP of the Bounty machine and try a ping to see if we have access. host$ ping -c2 10.10.10.93 Then we scan the ports with nmap; in this case we're going to use basic nmap. host$ nmap 10 …



DevOops Writeup

How to resolve HTB DevOops

Scanning Phase: First of all, we check the IP of the DevOops machine and try a ping to see if we have access. Then we scan the ports with nmap; in this case we're going to use basic nmap: nmap 10.10.10.91 And we see that the port 5000 …



Is that CSV Secure?

Defining CSV injection vulnerabilities

A Comma-Separated Values (CSV) file is a type of file that stores tabular data, numbers and text, in plain text. Each line of the file is a data record, and each record consists of one or more fields separated by commas. CSV is a common data exchange format that is …



Conserving your identity

Using WS-Security to secure your web apps

In the digital era, everything is or has a web application. Web apps are no longer just about content delivery; they have evolved to solve complex business needs and have become a mechanism for application integration. The communication and integration of these applications is most commonly done through Web Services …



Dude, where’s my XSS protection?

Solving Halls of Valhalla Challenge: XSS4

Web application security is a major concern nowadays. You have to make sure your application is secure, especially if you have a lot of users. There are many controls a developer can implement to attempt to make the site safer. Or so they think. The fun of hacking is looking …


