How I Won First Place at DEFCON 33 Bug Bounty Village CTF
At DEFCON 33, the Bug Bounty Village hosted its first-ever Capture the Flag (CTF), delivered on the CTF.ae platform. Unlike traditional puzzle-heavy CTFs, this event was designed to replicate the workflow of a real bug bounty program. Multiple web applications were provided, each with bugs resembling
Read MoreA simple Data Exfiltration!
Yes, another XXE attack but with the help of a Microsoft Excel file. Without any further due, let’s get started! XXE Attack: I precisely copied what is XXE from the internet and pasted it in my previous blog post, “A journey from XML External Entity (XXE)
Read MoreA journey from XML External Entity (XXE) to NTLM hashes!
We will start this blog post with an XML External Entity attack. Furthermore, we will discuss how I was able to capture NTLM v2 hashes using responder and evil-ssdp with the help of that XXE vulnerability. XXE Attack: There is a web security vulnerability that allows
Read MoreAny Account Takeover Through Privilege Escalation
Hello, I was eagerly waiting to share this with you! 🙂 Due to the two reasons. It’s Account Takeover And I wanted to tell you, “How Important is to revisit your old target to pwn the new features!” I have already shared one of the write-up
Read MoreVertical Privilege Escalation in Facebook’s Workplace!
Hello, I’m Shubham and I have decided to share my finding on one of Facebook’s products “Workplace”! More about Workplace! Workplace is a communication tool that connects everyone in your company, even if they’re working remotely. Use familiar features such as Groups, Chat, Rooms, and live
Read More



