tutorialboy (29) in smart • 2 years ago
An Introduction to Smart Contracts Hacking and Attacks
Smart contracts occupy a separate niche in software development. They are small, immutable, visible to everyone, run on decentralised nodes and, on top of that, transfer user funds. The smart…

tutorialboy (29) in cybersecurity • 2 years ago
A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters
Introduction Testing for vulnerabilities by manually entering input can be unmanageable. In these days and age where people have low levels of time and patience, the idea of manually providing…

tutorialboy (29) in cybersecurity • 2 years ago
A Remote Code Execution in JXPath Library (CVE-2022-41852)
Source :- On 6th October 2022 new CVE was released for critical vulnerability with the identifier CVE-2022-41852. This vulnerability affects a Java library called Apache Commons JXPath, which…

tutorialboy (29) in cybersecurity • 2 years ago
Android Security : A Checklist For Exploiting WebView
Source :- WebView is a web browser that can be built into an app, and represents the most widely used component of the Android ecosystem; it is also subject to the largest number of potential…

tutorialboy (29) in cybersecurity • 2 years ago
What is Web Fuzzing: How can Web Fuzzing useful in Pentest?
Fuzzing is generally finding bugs/issues using automated scanning with supplying unexpected data into an application then monitoring it for exceptions/errors/stack traces. The motive is to supply…

tutorialboy (29) in kuberntes • 2 years ago
A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 2)
Source :- Introduction The attacker's perspective on K8S cluster security (Part 1) summarizes the attack methods on K8S components, node external services, business pods, and container…

tutorialboy (29) in xss • 2 years ago
XSS vulnerabilities discovered in ServiceNow - CVE-2022-38463
Source :- Hey everyone, This is a blog related to my recent CVE on ServiceNow. It was found while testing a bug bounty program that was using ServiceNow and their in-scope domain was…

tutorialboy (29) in kuberntes • 2 years ago
A Detailed Talk about K8S Cluster Security from the Perspective of Attackers (Part 1)
Source :- Introduction As a representative of cloud-native management and orchestration systems, Kubernetes (K8S for short) is receiving more and more attention. A report [1] shows that 96%…

tutorialboy (29) in php • 2 years ago
How To Exploit PHP Remotely To Bypass Filters & WAF Rules
This is the first of two vulnerable PHP scripts that I’m going to use for all tests. This script is definitely too easy and dumb but it’s just to reproducing a remote code execution vulnerability…