SQL Injection

Bypassing WAF by Playing with Parameters

Web Security

In this post, I’ll explain two similar techniques that can be used to bypass Web Application Firewalls (WAF). These are HTTP Parameter Pollution (HPP) and HTTP Parameter Fragmentation (HPF).

Web Security

Once again, I’m back with another story of an interesting finding. This time I’ll be explaining an SQL injection instance, but this was bit different.

SQL Injection

Bypassing WAF by Playing with Parameters

A Not-So-Blind RCE with SQL Injection

Introduction to Active Directory Delegations

Bypassing WAF by Playing with Parameters

A Not-So-Blind RCE with SQL Injection

Attacking Kerberos: Resource Based Constrained Delegation

Attacking Kerberos: Constrained Delegation

Attacking Kerberos: Unconstrained Delegation