the blog.

A simple Data Exfiltration!

Yes, another XXE attack but with the help of a Microsoft Excel file. Without any further due, let’s get started! XXE Attack: I precisely copied what is XXE from the internet and pasted it in my previous blog post, “A journey from XML External Entity (XXE) to NTLM hashes!“. If you want to know about…

Read More

A journey from XML External Entity (XXE) to NTLM hashes!

We will start this blog post with an XML External Entity attack. Furthermore, we will discuss how I was able to capture NTLM v2 hashes using responder and evil-ssdp with the help of that XXE vulnerability. XXE Attack: There is a web security vulnerability that allows an attacker to mess with an application’s XML processing….

Read More

Vertical Privilege Escalation in Facebook’s Workplace!

Hello, I’m Shubham and I have decided to share my finding on one of Facebook’s products “Workplace”! More about Workplace! Workplace is a communication tool that connects everyone in your company, even if they’re working remotely. Use familiar features such as Groups, Chat, Rooms, and live video broadcasting to get people talking and working together….

Read More