Write-up of a classic ASIS CTF challenge: bypassing a preg_match filter that prohibits letters (A-Za-z) using XOR to generate strings without letters that, when executed in eval(), call functions such as phpinfo() or show_source(). A very useful technique for understanding type juggling and WAF bypass in PHP.
Two real techniques for bypassing captive portals on WiFi networks: MAC cloning (weak authentication) and DNS tunnelling with iodine (for more secure portals). Updated with modern tools, best practices, and security recommendations.
Compilation of techniques for obtaining shell access in Windows after RCE. Includes in-memory PowerShell, Powercat, Regsvr32, HTA, Cscript, MSBuild, WMIC, Certutil, and tests against Windows Defender.
Example of phishing in Windows 10 with a PDF and an embedded SettingContent-ms file, automatically executed by JavaScript when the document is opened.
Complete guide to XSS vulnerabilities: types (Reflected, Stored, DOM-Based), filter bypass techniques, and payloads to evade validations and WAFs.