SecurityGOAT – Medium

SecurityGOAT

Pinned

Common GraphQL Misconceptions: A rant

Let’s talk about GraphQL, and how evil or good it is — a hot take from a developer cum pentester ;) This post will enlighten your world!

Aug 9, 2021

Common GraphQL Misconceptions: A rant

Aug 9, 2021

Pinned

Peeking into the Future

Today I have been thinking more on how to proceed further with something interesting to share with my audience on a daily basis. Let’s see!

Aug 7, 2021

Peeking into the Future

Aug 7, 2021

Pinned

Injection attacks in Google Sheets!

Let’s learn how to use benign looking CSVs and Spreadsheets to exfiltrate data, without even letting the user know about it ;)

Jul 16, 2021

Injection attacks in Google Sheets!

Jul 16, 2021

Demystifying an XSS payload: Part 4

Let’s demystify an interesting XSS payload and learn about it! This post would aim to help you give my methodology on debugging things.

Aug 16, 2021

Demystifying an XSS payload: Part 4

Aug 16, 2021

Experience Diary: Doing infosec research the right way

Let me share my experience on how I do research on a topic. I would be happy to know your methodology as well :)

Aug 15, 2021

Experience Diary: Doing infosec research the right way

Aug 15, 2021

Intigriti’s Flask Challenge Breakdown

Let’s see what the dev’s have cooked up at Intigriti today! A damn vulnerable & broken Flask application. Let’s hack it for Fun & Learning!

Aug 13, 2021

Intigriti’s Flask Challenge Breakdown

Aug 13, 2021

Neat XSS trick from a G.O.A.T — Gareth Heyes special

Let’s discuss about this interesting XSS challenge, that was shared yesterday by Gareth Heyes! Read on to learn a neat Javascript trick :)

Aug 12, 2021

Neat XSS trick from a G.O.A.T — Gareth Heyes special

Aug 12, 2021

RCE via failed regex check — One dot to rule ’em all!

Let’s learn about how a failed regex check led to RCE in PiHole Admin panel. There’s ofcourse more so check the full post to learn more...

Aug 11, 2021

RCE via failed regex check — One dot to rule ’em all!

Aug 11, 2021

Smuggling Script via URL: Short HTML-based XSS payload

Let’s learn a neat trick on having the XSS payload in the URL for achieving shorter XSS payloads — straight from the greats!

Aug 10, 2021

Smuggling Script via URL: Short HTML-based XSS payload

Aug 10, 2021

Intigriti’s PHP challenge breakdown

Let’s discuss issues with the PHP code shared by Initgriti! We will discuss on how you can shoot yourself in the foot with PHP’s…

Aug 8, 2021

Intigriti’s PHP challenge breakdown

Aug 8, 2021

Bug Bounty Stories #3: Docstring Injection to XSS

Let’s see how I found and exploited an interesting docstring injection issue! I will take you through all the pitfalls and adventures I…

Aug 7, 2021

Bug Bounty Stories #3: Docstring Injection to XSS

Aug 7, 2021

Bug Bounty Stories #2: Tale of an XSS issue

XSS due to an unintended code pattern where my payload escaped the JSON and found its way into DOM!

Aug 6, 2021

Bug Bounty Stories #2: Tale of an XSS issue

Aug 6, 2021

The curious case of domain: Quirky XSS demystified

I think I found the answer to the domain working in some event handlers! Thanks to terjanq & @SecurityMB for helping me figure this out :)

Aug 5, 2021

The curious case of domain: Quirky XSS demystified

Aug 5, 2021

The curious case of domain: Quirky XSS

I was trying out for some XSS payloads and found a quirk that might help in shortening payloads. Read on to see my research process :)

Aug 4, 2021

The curious case of domain: Quirky XSS

Aug 4, 2021

Demystifying an XSS Payload: Part 3 — BruteLogic special

Let’s demystify an amazing XSS payload shared by XSS expert BruteLogic! See my methodology of breaking down XSS payloads for FUN &…

Aug 3, 2021

Demystifying an XSS Payload: Part 3 — BruteLogic special

Aug 3, 2021

XSS is Dead. We just don’t get it.

XSS is dead for so long now but we still don’t get it! We have all the tools and knowledge but still keep popping alerts for money! Why…

Aug 2, 2021

XSS is Dead. We just don’t get it.

Aug 2, 2021

Demystifying an XSS payload: Part 2

Yet another XSS payload reversing writeup. Hang on to learn more on event capturing & bubbling and tabindex attribute!

Aug 1, 2021

Demystifying an XSS payload: Part 2

Aug 1, 2021

Powering the Lamest: Self-XSS FTW!

Let’s see how you can leverage self-XSS! We will see how to leverage reflected and stored self-xss and I will leave some ideas in your…

Jul 31, 2021

Powering the Lamest: Self-XSS FTW!

Jul 31, 2021

Bug Bounty Stories #1: Tale of CSP bypass in an electron app!

Talking of a bug I found a long time back which led to the bypassing of CSP in an electron app :)

Jul 30, 2021

Bug Bounty Stories #1: Tale of CSP bypass in an electron app!

Jul 30, 2021

Demystifying an XSS payload!

Just found an weird and cool trick by Gareth Heyes, so thought to reverse engineer it and find out the root cause :)

Jul 29, 2021

Demystifying an XSS payload!

Jul 29, 2021

SecurityGOAT

SecurityGOAT

Wannabe Hacker! Teaching Infosec in my own insightful ways :) Twitter: twitter.com/_SecurityGOAT | Support: buymeacoffee.com/SecurityGOAT

Help
Status
About
Careers
Press
Blog
Privacy
Rules
Terms
Text to speech