Signature emblem

whoami

Red Team Operator / Security Researcher

Offensive tooling, evasion & adversary emulation.

Recent Posts

File Upload Vulnerability Report

7 minute read

Bypassing DVWA file upload filters with content-type spoofing and double extensions to plant a PHP reverse shell via LFI.

File Inclusion & Log Poisoning to RCE

9 minute read

Chaining Local File Inclusion with Apache log poisoning to achieve RCE on DVWA, and mitigations like file permissions and whitelisting.

CSRF Vulnerability Report

8 minute read

Using a phishing email to trigger a CSRF password change on DVWA’s admin account, plus defenses like CSRF tokens and SameSite cookies.

Command Injection & RCE in DVWA

6 minute read

Exploiting OS command injection in DVWA to read files and gain a socat reverse shell, with input validation and sanitization defenses.

CVSS and Score Calculation

4 minute read

A breakdown of the CVSS base score metrics and how each exploitability and impact metric influences a vulnerability’s severity rating.