Understanding SSTI on Twig

In this blog post, we cover PHP templating with Twig and how SSTI works. We take a deep dive into every version of Twig to understand how researchers craft their payloads to get RCE, arbitrary file read, and so on.

November 9, 2022 · 19 min

Emoji Webshell 🐚

Create an obfuscated webshell using emoji in PHP.

September 22, 2022 · 3 min

Part 0x01: Creating custom printf()

Before we jump into format string vulnerabilities, we should first understand format specifiers in C. In this lesson, we will go through some details of format specifiers and how to create our own custom printf.

January 27, 2024 · 10 min