Understanding SSTI on Twig

In this blog, we will cover on php template using Twig and how SSTI works. We will go deep dive on every single version of Twig to understand how researcher craft their payload to get RCE, arbitrary file read and etc.

November 9, 2022 路 19 min

Unserialize without unserialize()

This problem occurs when user input is passed directly to unserialize() function. We will learn how to invoke deserialization without using unserialize() function.

May 3, 2023 路 13 min

Emoji Webshell 馃悮

Create obfuscated webshell using emoji in php.

September 22, 2022 路 3 min

Part 0x01: Creating custom printf()

Before we jump into format string vulnerability, we better try to undertand about format specifier in C. In this lesson, we will going through certain thing about format specifier and how to create our own custom printf

January 27, 2024 路 10 min

[TCP1PCTF 2023] Unsecure

TCP1PCTF was organized by Indonesian and it was opened to anyone. The challenge is solely focus on exploiting deserialization vulnerability and how to chain the gadget to get code execution.

October 17, 2023 路 4 min