Medusa

435 Followers


Published in InfoSec Write-ups

·Pinned

Exploiting XSS with Javascript/JPEG Polyglot

What is a polyglot? Just like PNG, JPEG, and DOC are valid file types, polyglots are a combination of two different file types. For example, Phar + JPEG (PHP archive and JPEG file), GIFAR (GIF and RAR file), JavaScript + JPEG, etc. Applications allow only certain file types on features like file upload and…

Xss Attack

4 min read



Published in InfoSec Write-ups

·Mar 2

Exploiting SQL Injection in Graphql | DVGA |

This article covers exploiting SQL Injection manually in a GraphQL application. GraphQL Introduction: GraphQL is a query language for APIs used to interact with the back end. It works as an intermediary between the client and the backend. It is like the REST API but unlike the REST API that uses a…

GraphQL

5 min read



Published in InfoSec Write-ups

·Dec 20, 2022

How Capabilities actually Work ? | Exploitation | Privilege Escalation

SUID: The Traditional Linux Way. Sometimes a user with low privileges needs to perform specific tasks with higher privileges, and for that Linux has functionality for setting the SUID bit on particular binaries. The SUID (Set User ID) bit is a special permission that can be set on executable files in the Linux operating system. …

Linux

5 min read



Sep 24, 2022

C Programming Puzzles That Will Surprise You!

In this blog, we will see some exciting C programs. I want you to look at those programs and try to guess the output without executing them. But of course, you can execute the programs after you have solved them yourself. Don’t worry, it’s not going to be a complex program…

Programming

6 min read



Published in System Weakness

·Jul 27, 2022

Creating a Malicious PDF File to launch a Phishing Attack

PDF is a very popular document format and is trusted among users, so it’s easy to manipulate users into opening a PDF and performing some actions. Phishing is a type of social engineering attack that misguides users into performing some action that leads to stealing user data, including login credentials…

5 min read



Published in System Weakness

·Jul 10, 2022

Exploiting Stack Buffer Overflow| Step by Step | Reverse Engineering

In this blog, we are going to see every step that is required to exploit a Stack Buffer Overflow with the help of Immunity Debugger. I’m not going to talk about what the stack is and what a stack overflow is, as this blog only covers the exploitation part, but if you want…

Reverse Engineering

8 min read



Published in System Weakness

·Jun 5, 2022

Log Poisoning to Remote Code Execution | LFI | cUrl |

In this article, we will see how to perform Remote Code Execution through Log Poisoning, which is a type of Local File Inclusion. Let’s say there’s a web application using PHP as its backend language. For this whole process, Burp can be used, but I’m going to use cURL to…

Hacking

4 min read



Published in System Weakness

·Apr 27, 2022

Passive Reconnaissance Using Only Kali Terminal | Infosec |

Disclaimer: This blog is only for educational purposes. What is Reconnaissance? Recon or Reconnaissance means gathering information about the target network, machine, domain, server, or a particular service to better understand the target and find potential points of exploitation. There are two types of recon: Active Recon: A pentester uses it to gather…

Reconnaissance

4 min read



Published in System Weakness

·Mar 3, 2022

Exploiting Stack Buffer Overflow to get a Privileged Shell

A program would usually comprise multiple functions and there needs to be a way of tracking which function has been called, and which data is passed from one function to another. The stack is a region of contiguous memory addresses and it is used to make it easy to transfer…

6 min read



Published in System Weakness

·Feb 25, 2022

Golden/Silver Ticket Attack | Kerberos | Active Directory |

In this blog, we are going to talk about golden and silver ticket attacks. KDC Overview: The Key Distribution Center is a service in Active Directory that issues TGT tickets to clients so they can access services with proper authentication and authorization. Just like every service in AD is associated with an…

Windows

3 min read



Hacking Articles Straight to the Point!
