Published in PenTester Nepal | Tackling IDOR on UUID based objects | Hi there! I hope all of you are doing well. I am back with my new writeup. In this writeup, I will be discussing an interesting IDOR… | Jan 314
Published in PenTester Nepal | HacktheBox: Soccer Writeup | Hey everyone, I wanted to share my experience doing the HackTheBox machine “Soccer”, which is rated as an “easy” machine. During my… | Jun 10, 2023
Published in PenTester Nepal | OWASP KTM 0x03 CTF writeup | Hi there! I hope you're all having a good time. Don’t forget to stay hydrated ❤ Today’s writeup is about how we solved OWASP KTM’s 0x03… | Apr 22, 2023
Published in PenTester Nepal | Deserilaization Disaster in PHP | What really is serialization? | Mar 1, 2023
Here’s How We Exploited the GitHub Workflow: A Walkthrough of OWASP Kathmandu CTF | We would like to extend a warm greeting to Smaran Chand, Niraj Khatiwada and Kailash Bohara brothers who put in tireless effort to organize… | Jan 15, 2023
Published in PenTester Nepal | Interesting Stored XSS via meta data | Back in February of this year, Bibek Neupane and I hacked on a private bug bounty program on HackerOne; we had chosen one of the social… | Nov 22, 2022
Published in PenTester Nepal | 2FA: A guarantee of complete safety? | Hi there, hope you are doing well on your side of the screen. I am back with a small social awareness blog regarding some misconceptions of 2… | Jul 11, 2022
Published in PenTester Nepal | Hacking into WordPress themes for CVEs and Fun. | Hi there! I hope all is well with you. In this writeup, I’ll discuss the research I did on a WordPress theme, which taught me a lot… | Jun 16, 2022
Published in PenTester Nepal | Open Redirect: Just a redirection? | Greetings, everyone! I’m back with a new article after a long absence. In this writeup, I will attempt to explain everything I know about… | Apr 21, 2022