Sahil Dhar
Sahil Dhar is an Information Security Enthusiast having more than two years of hands-on experience in Application Security, Penetration Testing, Vulnerability Assessments and Server Config Reviews. He has also been acknowledged and rewarded by various organizations like Google, Apple, Microsoft, Adobe, Barracuda, Pinterest, Symantec, Oracle etc for finding vulnerabilities in their online services.
Penetration testing
Finding and exploiting XXE - XML external entities injection
In this article, we will have an in-depth look at how to find and exploit XML External Entity Injection vulnerabilities. XXE (XML External Entity) as th
Penetration testing
An introduction to penetration testing Node.js applications
In this article, we will have a look at how to proceed when penetration testing Node.js applications or looking for Node.js specific issues. Node.js is a
Reverse engineering
Exploiting Protostar – Stack 0-3
In this article, we will be reverse engineering and exploiting simple C programs from Protostar VM by exploit-exercises.com. We will be mainly focusing at ho
Penetration testing
Code Review of Node.Js Applications: Uncommon Flaws
This article covers the left-over vulnerabilities from Part-1. In this article, we will have an in-depth look at some uncommon flaws and how to find them whi
Capture the flag (CTF)
IMF is yet another awesome boot2root challenge hosted by Vulnhub where one needs to go through various web and some binary exploitation to fetch all flags.
Capture the flag (CTF)
Breaking into Fortress DC416 – CTFha
In this article, we will be solving fortress VM which is one of the VMS created by Vulnhub team for DEFCON Toronto's 2016 offline CTF. Introduction I picked
Hacking
Understanding Security Implications of AngularJs
In this article, we will have a brief overview of security implications of AngularJs which mainly includes basics of AngularJs and inner working of various s
Hacking
Writing Burp Extensions (Shodan Scanner)
In this article, we will have an overview of writing Burp extensions. At the end of the post, we will have an extension that will take any HTTP request, dete
Hacking
Automating Windows Privilege Escalation
In this article, we will a have a look at automating certain tasks on windows to escalate our privileges and gain access to the system. [pkadzone zone="main_
Penetration testing
Code execution and privilege escalation – Databases
In this article, we will have an in depth at some very uncommon techniques for gaining a remote code execution on uncommon databases and escalating privi
Hacking
Data Extraction Using Binary Conversion/Binary Anding
This article covers how to extract data in case of blind SQL injections in fastest and most efficient way. Overview SQL injection vulnerability has been out
Hacking
Bypassing CSRF Protections for Fun and Profit
In this article, we will have a look at some unique methods for exploiting CSRF attacks. Overview: Cross Site Request Forgery is an attack that forces an aut