HTB Write-up | Horizontall (user-only)
Write-up for Horizontall, a retired HTB Linux machine.
pytm is an OWASP tool that integrates with a custom GPT to make the threat modeling process quicker and more automated. I've developed a custom GitHub Action that, on every Pull Request event, generates or updates a Threat Model report, based on changes to the Python files generated
Write-up for FormulaX, a retired HTB Linux machine.
Write-up for Blazorized, a retired HTB Windows machine.
Write-up for iClean, a retired HTB Linux machine.
While testing an API that was exposed to the Internet, I found an unauthorised SSRF vulnerability that allowed me to trick the server into performing any GET request using the http or https protocol. I had access to the response (i.e. this wasn't a blind SSRF), full control
Write-up for Vessel, a retired HTB Linux machine.
In this article, I go through the scenarios in which I've been able to exfiltrate data from real Android applications, after detecting a WebView takeover (aka "Open Redirect") vulnerability.
Neither DataStore nor SharedPreferences should be used to persist sensitive data ... but as we know, Insecure Data Storage is one of the most common vulnerabilities found in mobile applications.
Write-up for Paper, a retired HTB Linux machine.
I'm helping an organisation that has a very simple (and very static) corporate website. They were interested in adding a contact form, and wanted the data to be sent to their APEX-managed database. Building an entire back-end service for this purpose seemed like too much work, so I
The retired machine can be found here.
Scanning
As always, we start by mapping the previse.htb hostname to the given IP by editing /etc/hosts (sudo nano /etc/hosts) and adding the line 10.10.11.104 previse.htb. The nmap scan is pretty boring: it seems there's a web server running on port 80 and