Finding and exploiting SSRF

Monday, Aug 23, 2021 by Hidde Smit

This post describes how to find SSRF vulnerabilities, exploit them and even bypass mitigations.

Continue Reading

OSEP Review

Thursday, Apr 15, 2021 by Hidde Smit

This post describes my experience with the PEN-300 course and OSEP exam.

Continue Reading

CVE-2020-25834 ArcSight Logger Stored XSS

Thursday, Nov 26, 2020 by Hidde Smit

Write-up of a stored XSS delivered via Syslog.

Continue Reading

CVE-2020-13794 Harbor User Enumeration Vulnerability

Wednesday, Sep 16, 2020 by Hidde Smit

Write-up of an user enumeration vulnerability using a non-administrator account which impacts Harbor version <1.9.3.

Continue Reading