Server-Side Template Injection (SSTI)
SSTI occurs when user input is embedded directly into a template string that is then rendered server-side. The template engine evaluates your input as code, lea…
Writeups, research, and technical notes from a Senior Security Consultant and competitive CTF player based in Singapore.
Most people use Burp Suite at about 20% of its capability. This post covers the features that actually speed up web pentesting — Match & Replace rules, macr…
XXE (XML External Entity) injection lets you read arbitrary files from the server, perform SSRF, and in some cases achieve code execution. It’s consistently und…
XSS is far more than just <script>alert(1)</script>. This guide covers every variant, context-specific injection, CSP bypass, and advanced exploitat…
A proper Android pentesting environment takes about an hour to set up correctly. This guide walks through everything: emulator vs physical device, ADB, Burp Sui…
Command injection occurs when user input is passed unsanitized to a system shell. Unlike code injection, you’re executing OS commands directly. This cheatsheet …
SQL injection remains one of the most impactful vulnerability classes in web applications. This cheatsheet covers every major technique you’ll encounter during …
Nmap is the foundation of every network engagement. This cheatsheet covers every scan type, timing option, NSE category, and evasion technique you’ll need — org…