Numb Shiva
XSS Via XML Value Processing
XXE is not the only vulnerability that can be introduced to a web application when processing XML files. If the values within strings are…
4 min read · Jan 26, 2021

Numb Shiva
Application takeover via Password Reset Token Theft
When adding a “Password Reset” function to your application you should ensure it has the same security considerations as any other critical…
3 min read · Jan 18, 2021

Numb Shiva
The Importance of Recon
When beginning any security assessment, whether it be a penetration test, bug bounty or a red team engagement, it is vitally important to…
3 min read · Jun 9, 2020

Numb Shiva
OSCP (non-technical) Tips
After recently completing my OSCP (2nd exam attempt) I wanted to give a few non-technical tips since most guides out there seem to focus…
2 min read · Mar 24, 2020

Numb Shiva
Fun with SolarWinds SFTP Server
The “s” is meant to mean “secure”, right?
2 min read · Jan 7, 2019

Numb Shiva
Using UPX packer to bypass AV
Note: This is an older post from my old GitHub pages ‘blog’. Information was correct at the time this was posted in that location, circa…
3 min read · Oct 26, 2018

Numb Shiva
ImageMagic RCE
Overnight @taviso dropped a few vulnerabilities in GhostScript, including one that will cause code execution in ImageMagick.
1 min read · Aug 22, 2018

Numb Shiva
Sysmon + Splunk Alerting
When playing for the blue team, there’s a fair chance you’ll need to get some alerting in place to warn you of some potential bad in your…
2 min read · Jun 8, 2018

Numb Shiva
CVE-2017-17108 — KonaKart Path Traversal
“KonaKart is a java based eCommerce software platform trusted by top brands throughout the world to give them a stable, high-performance…
2 min read · May 11, 2018