Aydin Naserifard in InfoSec Write-ups · Download | LFI | ORM Injection | Teletypewriter (TTY) hijacking | PostgreSQL | NodeJS · Here’s a summary of the key points of Download HTB machine: · 16 min read · Dec 6, 2023
Aydin Naserifard in InfoSec Write-ups · $1800 Bounty: Exploiting Unpredictable Data that Leads to All Users PII Exposure in an IDOR… · Introduction · 4 min read · Nov 4, 2023
Aydin Naserifard in InfoSec Write-ups · Jupiter | HTB | Grafana | raw SQL Query | Shadow Simulator RCE | Sattrack · Jupiter is a medium-level challenge that kicks off with a Grafana dashboard. The journey begins with the quest to pinpoint a potential… · 8 min read · Oct 29, 2023
Aydin Naserifard in InfoSec Write-ups · Aero HTB | Windows 11 RCE & PrivESC | Themebleed | CLFS · Aero is a Windows machine of moderate difficulty, featuring two recently discovered vulnerabilities: CVE-2023-38146, a Windows 11 Themes… · 10 min read · Oct 8, 2023
Aydin Naserifard in InfoSec Write-ups · OnlyForYou HTB | LFR | RCE | Cypher Injection (Neo4j) graph database | pip3 download code execution · Here’s a summary of the key points of Only4you HTB machine: · 8 min read · Sep 5, 2023
Aydin Naserifard in InfoSec Write-ups · Mailroom HTB | Gitea | XSS | NoSqli | RCE | Exploit Development | Strace · Mailroom is a challenging Linux machine that hosts a custom web app and a Gitea code repository. The web app has vulnerabilities to… · 10 min read · Aug 20, 2023
Aydin Naserifard in InfoSec Write-ups · WormGPT: Is it Vulnerable? · A few days ago, news was published about a new tool called WormGPT which doesn’t have the limitations of the ChatGPT tool. That’s weird! · 4 min read · Jul 21, 2023
Aydin Naserifard in InfoSec Write-ups · Hack The Box Cyber Santa CTF 2021 — Common Mistake · From the Crypto Category of Cyber Santa Is Coming To Town CTF which was going on from 1st to 5th December 2021, there was a challenge… · 2 min read · Dec 8, 2021
Aydin Naserifard in InfoSec Write-ups · Guide Point Security CTF — Get Hexy (OCT 2021) · In the Misc Category of Guide Point CTF which was held on 12 October to 18 October 2021, there was a challenge called “Get Hexy”. let’s… · 3 min read · Nov 9, 2021
Aydin Naserifard in InfoSec Write-ups · Year Of The Jellyfish TryHackMe! Walk Through · I’m going to solve another room called “Yearofthejellyfish”. It’s available at TryHackMe with Hard difficulty level. · 5 min read · Jul 24, 2021