Part 1: Introduction to Android Security: Architecture, Sandbox, IPC, and System ProtectionsJun 5, 2026·7 min read
PinnedHost Header: Small Change, Big RiskOne mistake in the request header - total compromise in return.Jul 4, 2025·5 min read
How to Set Up Burp Suite Proxy on Rooted Android with AlwaysTrustUserCerts (Magisk)May 8, 2026·4 min read
Caption HackTheBox WriteupCompromising the Caption machine by abusing GitBucket and a buggy log service to gain root access.Jul 7, 2025·4 min read
Cicada HackTheBox WriteupAn Active Directory journey from user enumeration to domain admin via backup privilege abuseJul 7, 2025·11 min read
NoSQL injectionNoSQL injection is a vulnerability where an attacker is able to interfere with the queries that an application makes to a NoSQL databaseMay 1, 2025·4 min read
CRLF Injection: A Critical Web Application VulnerabilityCRLF (Carriage Return Line Feed) injection is a type of attack that targets web applications through the manipulation of HTTP headers. The term “CRLF” refers to the characters used to mark the end of a line in HTTP requests and responses. These chara...Feb 11, 2025·5 min read
Web Cache Deception: Understanding and Mitigating Security RisksWeb Cache Deception is a technique that attackers use to manipulate caching systems and mislead web applications into serving unintended contentJan 29, 2025·5 min read
Unrested HTB WriteupAbout Unrested Unrested is a medium difficulty Linux machine hosting a version of Zabbix. Enumerating the version of Zabbix shows that it is vulnerable to both CVE-2024-36467 (missing access controls on the user.update function within the CUser class...Jan 28, 2025·8 min read
