You Forgot, I Remembered: Mass DNS Takeovers on DigitalOcean
I see myself preparing my first blog post of 2025 almost after passing mid year and reflecting a relatively quiet year of public contributions in Information Security. This research was…
Category: Research
Directory Listing and WordPress: Escalating Old School Bug
Introduction I vividly remember the days when directory listing was regarded as a significant issue during penetration testing engagements. As a penetration tester, another challenge was identifying creative ways to…
OWASP Kathmandu Secret Badge CTF
On September 3rd, 2022, We organized the very first meetup of OWASP Kathmandu local chapter. Our(I and Corrupted_brain) minds were bursting with hundreds of ideas to make the event interesting…
The Organization, Vendor & Application Security
During the Vulnerability Assessment Penetration Testing(VAPT) assessment of an organization’s assets, I encountered an interesting issue that led to flaws observed in all the projects accomplished by the Vendor/Development agency….
Cybersecurity in healthcare
Healthcare is one of the most sensitive and essential industries around the globe. As a result, information systems in healthcare are often targeted by cybercriminals. It is a large industry…
Flywheel Subdomain Takeover
Flywheel is managed WordPress hosting built for designers and creative agencies to build, scale, and manage hundreds of WordPress sites with ease. One can set up a WordPress site in less…
Check Path Traversal over again.
Path traversal attack is one of the OWASP top ten issues widely found in web applications which occurs due to improper handling of user input. Learn more about path traversal…
POST based Open Redirect to R-XSS
Hope you guys are fine in this hard time, I am glad to share something which I have recently discovered and it’s about escalating Informational issue to Medium severity. i.e…
Misconfigured WordPress takeover to Remote Code Execution
Hello Everyone, I hope you guys are doing well. I am sharing a recent issue which I discovered today only. And this is the most instant write-up I have ever…
Data smuggling with your clothes
With the rapid growth of technology, the mediums of data transfer are in copious amount. Whether they are an analog, classic or digital method all do have traces which can…