Hacking - Fady's Technical Blog

Go Local : Solving intigriti 3rd XSS Challenge

Few hours ago intigirit posted their third XSS challenge, the solution of the challenge is a little different than your typical XSS challenges. In this write up I will try to walk you through both my failed and successful attempts at solving this challenge to give you about how you

upnp

UPNP Attacks : Hello Old Friend

Update : I don't have a complete evidence that the attacks were UPNP attack except from the hacker's page about the attack and some news websites, however, until a firm confirmation from google or from a researcher who has seen the attack on action we will never know. Hi there, Few

AFL

AFL / WinAFL Tips and Tricks

Hi there As you all know there are so many tutorials online explaining how to use AFL online, some of them introduce some really cool tricks that helps AFL or WinAFL to find more bugs or to fuzz faster. The goal of this blog post is to collect these tricks

bugbounty

How I Discovered XSS that Affects around 20 Uber Subdomains

Hi again, Welcome my first bug bounty write up, I don't do bug bounty that much especially web bug bounties but it started to interest me lately so I decided to start looking for bugs in UBER. Disclaimer Before you start I highly recommend you read about SAML authentication if

Hacking

Building a Feedback Driven Fuzzer - Dev Log 4 : GUI is Here

Note: If you haven't read previous posts about the fuzzer, I recommend you read them here Hi There, It has been a while since I posted about my fuzzer, I was a little busy with other stuff but I did have some time to make a GUI for the fuzzer.

openvpn

Using ShadowSocks to Bypass OpenVPN Restrictions (Works in Egypt)

Hello again, another post that is not related to my fuzzer since I am kinda busy with other stuff these days. Disclaimer : This post assumes you have a machine on the cloud like a VPS or dedicated server, unfortenatly without that you can't follow the steps below, if you don't

patreon

Patreon : Make sure to bill upfront or your content can be accessible for free

Hi there, this is a quick post until I have something to add in my fuzzer series or the new series I am currently preparing ;) A while ago one of the groups I follow in facebook published a link that I was interested in, I opened the link and it

Hacking

Building a Feedback Driven Fuzzer - Dev Log 3 : Radamsa Integration

Hello again, we are back with our third devlog, today we will talk about how I integrated radamsa as my mutation engine. My first attempt at this was by forking radamsa for each iteration, meaning that I needed to fork the fuzzed program and also fork radmasa to generate the

Hacking

Building a Feedback Driven Fuzzer - Dev Log 2 : Coverage

Hello again, so today we will talk about how I calculate coverage by counting the basic blocks that gets executed. A very easy way to do it is to use DynamoRio, Dynamorio is a dynamic instrumentation framework, luckily for me dynamo rio comes with drcov which is a module to

Hacking

Building a Feedback Driven Fuzzer - Dev Log 1

Feedback driven fuzzing (AKA Genetic Fuzzing) have been proven to be one of the most effective ways to find memory corruptions. One of the best fuzzers out there is AFL which is created by lcamtuf (Michał Zalewski). AFL can fuzz both open source applications using instrumentation which is very effective

offsec

CTP and OSCE : My Experience

Hello again people, A couple of days ago I successfully passed the OSCE exam, So I wanted to share with you my experience and my mistakes may be it can be helpful. Unlike OSCP which provided you with many labs and challenged you to hack them, OSCE provides you the

Certificates

PWK and OSCP my experience

Hello people, So today I passed the OSCP exam. It was a long road but totally worth it, so I decided to share the story about this lovely journey to get the OSCP certificate and some of the mistakes I made and hope that you won’t make the same