Bryan Leong (NobodyAtall)
CVE-2019–12744: Remote Command Execution through Unvalidated File Upload in SeedDMS versions < 5.1.1
SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability…
Jun 24, 2021

Bryan Leong (NobodyAtall)
Think Before You Scan (Phishing QR Code)
QR codes are mostly used in payments nowadays, but the problem is that every QR code looks the same.
Jun 5, 2021

Bryan Leong (NobodyAtall)
Hacksudo 3 Writeup (InfoSec Prep)
We're going to try out the Hacksudo: 3 machine that was created for the InfoSec Prep Discord Server. I would say that one of my favorite in this…
Jun 3, 2021

Bryan Leong (NobodyAtall)
Utilizing Windows LNK Features for Phishing With Macro Malware
Crafting a Windows LNK with hotkey features => execute system command. Then, create a Microsoft Office macro-enabled document to utilize…
May 29, 2021

Bryan Leong (NobodyAtall)
Performs OSINT on Thomas Straussman (OSINT Challenge)
Today, we will try out a TryHackMe OSINT challenge on a target named “Thomas Straussman” who is suspected of cheating on his wife.
May 28, 2021

Bryan Leong (NobodyAtall)
TryHackMe: Attacktive Directory (Active Directory Pentesting Practice)
As we know, 99% of the machines in the corporate network are running Active Directory. So in this article we will be doing a room from…
May 23, 2021

Bryan Leong (NobodyAtall)
Network Pivoting Using SSH & Return Reverse Shell From Internal Network Machine
Perform pivoting into the internal network machine through SSH port forwarding to gain access to the internal network web server. Then…
May 22, 2021

Bryan Leong (NobodyAtall)
Exploiting Basic Buffer Overflow in VulnServer (TRUN Command)
VulnServer is useful for beginners who want to learn how to find buffer overflow vulnerabilities & develop their own exploit script that…
May 22, 2021

Bryan Leong (NobodyAtall)
PortSwigger: Basic Password Reset Poisoning Writeup
In this article, we’ll be discussing an account takeover technique which uses the HTTP host header attack to perform password reset…
May 22, 2021

Bryan Leong (NobodyAtall)
Firmware Analysis on NetGear Access Point WNAP 320
We can see that there are a lot of IoT devices connected to the internet today. But most users do not notice that their IoT…
May 21, 2021