https://nstsec.com/en/tags/ethical-hacking/ Recent content in Ethical Hacking on nstsec.com https://nstsec.com/images/index.png https://nstsec.com/images/index.png Hugo en Thu, 16 Apr 2026 18:30:00 +0200 https://nstsec.com/en/posts/postiz-xss-cve-2026-40487/ Thu, 16 Apr 2026 18:30:00 +0200 https://nstsec.com/en/posts/postiz-xss-cve-2026-40487/ How I discovered an Arbitrary File Upload in Postiz (CVE-2026-40487, CVSS 8.9 High) that allows full account takeover. https://nstsec.com/en/posts/oswe-awae-prep/ Thu, 13 Nov 2025 22:03:59 +0200 https://nstsec.com/en/posts/oswe-awae-prep/ Resources, labs, case studies and practical tips to prepare for the OSWE (OffSec Web Expert) exam and the AWAE (WEB-300) course. https://nstsec.com/en/posts/nasa-letter-of-recognition/ Wed, 02 Apr 2025 12:45:00 +0000 https://nstsec.com/en/posts/nasa-letter-of-recognition/ Letter of recognition from NASA https://nstsec.com/en/posts/my-oscp-cheatsheets/ Wed, 10 May 2023 11:40:24 +0200 https://nstsec.com/en/posts/my-oscp-cheatsheets/ Notes and essential commands for OSCP. Techniques, exploits, and strategies for exam success. https://nstsec.com/en/posts/pwndoc-username-enumeration-cve-2022-44023/ Sat, 29 Oct 2022 10:45:00 +0200 https://nstsec.com/en/posts/pwndoc-username-enumeration-cve-2022-44023/ PwnDoc <= 0.5.3 - Username Enumeration via Different Responses https://nstsec.com/en/posts/pwndoc-username-enumeration-cve-2022-44022/ Sat, 29 Oct 2022 10:23:19 +0200 https://nstsec.com/en/posts/pwndoc-username-enumeration-cve-2022-44022/ PwnDoc <= 0.5.3 - Username Enumeration via Response Timings https://nstsec.com/en/posts/xwiki-xss-cve-2020-13654/ Wed, 30 Dec 2020 11:19:29 +0200 https://nstsec.com/en/posts/xwiki-xss-cve-2020-13654/ How I discovered a Stored XSS in XWiki Platform < 12.8, why the HttpOnly flag prevented cookie theft, and how I had to pivot the attack toward a privilege escalation via CSRF, ultimately earning my first CVE from MITRE.