TryHackMe Smag Grotto Walkthrough

From the Nmap scan we can see there are two services, on port 22 and port 80; we will check out port 80. Upon directory enumeration, we found an interesting directory on the website. Let's explore it: here we can see an attachment with a .pcap extension. Let's download it and open it with Wireshark. As you can see in the image, upon examining the POST request we found the credentials. Now we are going to try them on the host website, i.e. development.smag.thm. ...

January 30, 2026 · 2 min · 359 words
TryHackMe OWASP Application Design Flaws Walkthrough

These design flaws comprise: 1. AS02: Security Misconfigurations 2. AS03: Software Supply Chain Failures 3. AS04: Cryptographic Failures 4. AS06: Insecure Design. AS02: Security Misconfigurations happen when systems, servers or applications are deployed with unsafe defaults, incomplete settings, or exposed services. These are not code bugs but mistakes in how the environment, software or network is set up. They create easy entry points for attackers: even a small misconfiguration can expose sensitive data, enable privilege escalation, or give attackers a foothold. Modern applications rely on complex stacks, cloud services, and third-party APIs. A single exposed admin panel, an open storage bucket, or misconfigured permissions can compromise the entire system. ...

January 9, 2026 · 6 min · 1227 words
TryHackMe OWASP Insecure Data Handling Walkthrough

This room will introduce you to three elements of the OWASP Top 10 list (2025). In this room, you will learn about the elements relating to application behaviour and user input. We will cover these vulnerabilities briefly, how to prevent them, and finally you will practice exploiting them: A04: Cryptographic Failures, A05: Injection, A08: Software or Data Integrity Failures. How to Prevent Cryptographic Failures: preventing cryptographic failures starts with choosing strong, modern algorithms and implementing them properly. Sensitive information such as passwords should be hashed using robust, slow hashing functions like bcrypt, scrypt, or Argon2. When encrypting data, avoid creating your own algorithms; instead, rely on trusted, industry-standard libraries. ...

January 9, 2026 · 3 min · 491 words
How I Cleared the eJPT: Honest Experience and Learnings

Exam Duration and Difficulty I recently cleared the eJPT (eLearnSecurity Junior Penetration Tester) exam, and overall, it was a very solid learning experience. I completed the exam in about 35 hours, including sleep. While it wasn’t extremely hard to pass, I wouldn’t call it easy either. I’d place it somewhere between intermediate and hard, especially if you’re completely new to penetration testing. More About Penetration Testing Than Web Apps One thing that surprised me was that the exam is not very focused on web application penetration testing. There is some web-related work, but most of the exam feels more like real-world network and system-level penetration testing. You spend more time enumerating services, exploiting misconfigurations, moving through systems, and understanding how different parts of the network connect, which I personally enjoyed a lot. ...

November 12, 2025 · 2 min · 426 words

Starting my eJPT Journey

🚀 Starting My eJPT Journey! I’ve officially enrolled in the eLearnSecurity Junior Penetration Tester (eJPT) course 🎯 Investment: $250 Target: Complete before November 2025 The eJPT is an entry-level penetration testing certification that covers network pentesting, web app basics, and exploitation methodology. I’m taking this course to strengthen my fundamentals and prepare for bug bounty hunting and more advanced certs. Why I’m doing this Build a solid foundation in penetration testing. Prepare for bug bounty hunting (web focus) and certifications like eCPPT/OSCP later. Learn in public — I’ll post updates, lessons learned, and lab writeups here. What I’ll share Weekly progress updates and lab highlights. Short writeups for interesting labs and techniques. Tools and resources I found useful. If you’ve taken eJPT or are preparing, I’d love your tips! 🙌 ...

August 21, 2025 · 1 min · 133 words
Completed CompTIA Security+ — My Experience and Learnings

I’m excited to share that I’ve officially completed my CompTIA Security+ certification! 🎉 📌 Why I took Security+: To strengthen my fundamentals in cybersecurity. To improve my chances for internships. To gain structured knowledge in security domains. 💡 My Experience: The exam was challenging but rewarding. I prepared with Andrew Ramdayal’s Udemy course, Jason Dion’s practice exams, my own handwritten notes, and a consistent study schedule alongside college. 🛠️ Key Learnings: Some of the most valuable areas I learned: ...

August 19, 2025 · 1 min · 129 words
Welcome to Akshat On Security

Hi, I’m Akshat Agarwal, a cybersecurity enthusiast and BCA (Hons.) student at Christ University, Bangalore, India. I’m currently studying for the CompTIA Security+ certification, and this blog is where I document my journey — from tutorials and notes to projects and practical cybersecurity insights. This platform is also part of my effort to build a strong profile for applying to internships in cybersecurity. If you’re a beginner, a fellow learner, or a recruiter — you’re in the right place. ...

April 16, 2025 · 2 min · 333 words