
JWT Attacks: From Token to Takeover
JWTs are everywhere and so are their misconfigurations. This writeup covers every major JWT attack a pentester needs to know, explained simply with real exploitation steps.

I always forget this. Every single time I start a new box or clone a tool from GitHub, I end up Googling the same stuff again. So I’m writing this down for myself, and for anyone who keeps doing t...

Authentication vulnerabilities are weaknesses in the login or identity-verification process that allow attackers to impersonate users, access sensitive data, or break into systems. These flaws make...

Disclaimer: This writeup is for educational purposes only. The University target has been anonymized and no data was leaked. This is the story of everything about my first hack, which I discovered tw...