Sahil Dhar

Sahil Dhar is an Information Security Enthusiast having more than two years of hands-on experience in Application Security, Penetration Testing, Vulnerability Assessments and Server Config Reviews. He has also been acknowledged and rewarded by various organizations like Google, Apple, Microsoft, Adobe, Barracuda, Pinterest, Symantec, Oracle etc for finding vulnerabilities in their online services.
Sahil Dhar

Finding and exploiting XXE - XML external entities injection

In this article, we will have an in-depth look at how to find and exploit XML External Entity Injection vulnerabilities. XXE (XML External Entity) as th

An introduction to penetration testing Node.js applications

In this article, we will have a look at how to proceed when penetration testing Node.js applications or looking for Node.js specific issues. Node.js is a

Exploiting Protostar – Stack 0-3

In this article, we will be reverse engineering and exploiting simple C programs from Protostar VM by We will be mainly focusing at ho

Code Review of Node.Js Applications: Uncommon Flaws

This article covers the left-over vulnerabilities from Part-1. In this article, we will have an in-depth look at some uncommon flaws and how to find them whi

Hacking IMF – CTFh

IMF is yet another awesome boot2root challenge hosted by Vulnhub where one needs to go through various web and some binary exploitation to fetch all flags.

Breaking into Fortress DC416 – CTFha

In this article, we will be solving fortress VM which is one of the VMS created by Vulnhub team for DEFCON Toronto's 2016 offline CTF. Introduction I picked

Understanding Security Implications of AngularJs

In this article, we will have a brief overview of security implications of AngularJs which mainly includes basics of AngularJs and inner working of various s

Writing Burp Extensions (Shodan Scanner)

In this article, we will have an overview of writing Burp extensions. At the end of the post, we will have an extension that will take any HTTP request, dete

Automating Windows Privilege Escalation

In this article, we will a have a look at automating certain tasks on windows to escalate our privileges and gain access to the system. [pkadzone zone="main_

Code execution and privilege escalation – Databases

In this article, we will have an in depth at some very uncommon techniques for gaining a remote code execution on uncommon databases and escalating privi

Data Extraction Using Binary Conversion/Binary Anding

This article covers how to extract data in case of blind SQL injections in fastest and most efficient way. Overview SQL injection vulnerability has been out

Bypassing CSRF Protections for Fun and Profit

In this article, we will have a look at some unique methods for exploiting CSRF attacks. Overview: Cross Site Request Forgery is an attack that forces an aut