Bryan Leong (NobodyAtall)
CVE-2019-12744: Remote Command Execution through Unvalidated File Upload in SeedDMS versions < 5.1.1
SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability…
4 min read · Jun 24, 2021

Bryan Leong (NobodyAtall)
Think Before You Scan (Phishing QR Code)
QR codes are mostly used in payments nowadays, but the problem is that every QR code looks the same.
6 min read · Jun 5, 2021

Bryan Leong (NobodyAtall)
Hacksudo 3 Writeup (InfoSec Prep)
We are going to try out the Hacksudo: 3 machine that’s created for the InfoSec Prep Discord Server. I would say that one of my favorite in this…
8 min read · Jun 3, 2021

Bryan Leong (NobodyAtall)
Utilizing Windows LNK Features for Phishing With Macro Malware
Crafting a Windows LNK with hotkey features => execute system command. Then, create a Microsoft office macro enabled document to utilize…
4 min read · May 29, 2021

Bryan Leong (NobodyAtall)
Performs OSINT on Thomas Straussman (OSINT Challenge)
Today, we will try out a TryHackMe OSINT challenge on a target named “Thomas Straussman” who is suspected of cheating on his wife.
9 min read · May 28, 2021

Bryan Leong (NobodyAtall)
TryHackMe: Attacktive Directory (Active Directory Pentesting Practice)
As we know, 99% of the machines in the corporate network are running Active Directory. So in this article we will be doing a room from…
9 min read · May 23, 2021

Bryan Leong (NobodyAtall)
Network Pivoting Using SSH & Return Reverse Shell From Internal Network Machine
Perform pivoting into the internal network machine through SSH port forwarding to gain access to the internal network web server. Then…
5 min read · May 22, 2021

Bryan Leong (NobodyAtall)
Exploiting Basic Buffer Overflow in VulnServer (TRUN Command)
VulnServer is useful for beginners who want to learn how to find buffer overflow vulnerabilities & develop their own exploit script that…
11 min read · May 22, 2021

Bryan Leong (NobodyAtall)
PortSwigger: Basic Password Reset Poisoning Writeup
In this article, we’ll be discussing an account takeover technique which uses the HTTP host header attack to perform password reset…
6 min read · May 22, 2021

Bryan Leong (NobodyAtall)
Firmware Analysis on NetGear Access Point WNAP 320
We can see that there are a lot of IoT devices connected to the internet today. But most users do not notice that their IoT…
6 min read · May 21, 2021