I am feeling the excited cause of passing the exam on 10/23/2017 after investing a lot of time for it. My daily working is a Software Developer/Application Security Researcher. Now I am interested in Cloud Computing, I am choosing AWS for next my target and try to learn it as much as possible. Of course,… Continue reading How to get AWS Certified Solutions Architect – Professional
Exploiting Node.js Deserialization bug for Remote Code Execution (CVE-2017-5941)
The eval() function is a common function of nodejs that is easy to exploit if data passed to it not filtered correctly. On review source code of some projects in nodejs and researching nodejs application security. I found this function used on some project that it is vulnerable to exploit. For the source code for this… Continue reading Exploiting Node.js Deserialization bug for Remote Code Execution (CVE-2017-5941)
Exploit DVWA Cross Site Request Forgery (CSRF) High level
CSRF is a attack type that exploit web vulnerability to execute unauthorized commands that they are transmitted from a user website trusts such as: process order, create user....By exploit this one we can do actions like we want, under another account. For more detail access this link. Back to my testing. Look at CSRF at… Continue reading Exploit DVWA Cross Site Request Forgery (CSRF) High level
Resources for writing exploitation code
The following links provide many cool kinds of stuff for anyone to learn writing exploitation. I followed these resources for many years. They are really really useful resources for master exploit techniques from userland to kernel land. http://www.pentest.guru/index.php/2016/01/28/best-books-tutorials-and-courses-to-learn-about-exploit-development/
Exploit ImageMagick RCE – Get a reverse shell
This is the excerpt for your very first post.