Blog

What is LocalStack and how to quickly start it? LocalStack is a popular open-source platform that emulates AWS services locally, allowing developers to build and test cloud infrastructure without touching real AWS accounts. Because LocalStack runs on localhost and is marketed as a development-only tool, its security surface is often underestimated. During a short exploration of LocalStack’s CloudFormation features, I discovered a broken deployment UI that led to a reflected XSS vulnerability. [Read More]

Exploiting CORS Misconfigurations Introduction During a recent security assessment, I discovered a CORS (Cross-Origin Resource Sharing) misconfiguration that allowed complete bypass of the Same-Origin Policy. This vulnerability enabled an attacker to steal sensitive user information including API keys, email addresses, and session tokens from authenticated users. In this guide, I’ll walk you through the complete exploitation process using PortSwigger’s Web Security Academy lab as a practical example. Lab: CORS vulnerability with basic origin reflection [Read More]

Introduction Bruter is a lightweight application built as an experimental project while learning the Go programming language. Though inspired by the popular Xray tool from GitHub, Bruter introduces its own set of features, tailored specifically for web server testing and configuration validation. Whether you’re a seasoned web administrator or a beginner in cybersecurity, Bruter offers a streamlined way to assess various aspects of web servers with a user-friendly interface. In this blog post, we’ll explore what Bruter does, how it works, and why it might be an essential addition to your web server auditing toolkit. [Read More]

Introduction: In today’s interconnected world, understanding network security is essential. One essential tool in a security professional’s arsenal is a port scanner. You probably thinking what? are you reinventing the wheel? Well not exactly I am building a deeper understanding of what happens under the hood. There are plenty of tools out there that you can use for network scanning starting from the most famous and popular nmap, you can become a master at using them but have you ever tried to read them and understand the engineering behind? [Read More]

This is the very first article that I am publishing on this blog, I wanted to share this experience with folks that are passionate like myself about Security at 360 degrees and also share my thought process to actually produce the correct solution. The assignment received has been pretty interesting and at the same time challenging given that I consider myself a wannabe Security Researcher :D. Without further ado, let’s get into it! [Read More]