site revamp

Author: devplayer55221

content/blog.md

@@ -0,0 +1,20 @@
++++
+title = "Blog"
+date = "2014-04-09"
+aliases = ["posts","blog-posts"]
+[ author ]
+  name = "Mukund Kedia"
++++
+
+1. [ASP.NET security]({{< ref "/posts/aspdotnet-security.md" >}})
+2. [Thick client Pentest methodology]({{< ref "/posts/thick-client-pentest.md" >}})
+3. [Observations while learning Web app security]({{< ref "/posts/web-security-observation.md" >}})
+4. [Connecting Raspberry-Pi to Laptop Without HDMI or Ethernet Cable]({{< ref "/posts/raspberry-pi-to-laptop.md" >}})
+5. [Decoding Digital Personal Data Protection Act For Organizations]({{< ref "/posts/decoding-dpda.md" >}})
+6. [HackTheBox Business CTF 2023 – Crypto]({{< ref "/posts/htb-businessctf-2023-crypto.md" >}})
+7. [Understanding HTTP Request Smuggling With Hop-To-Hop Headers]({{< ref "/posts/http-request-smuggling.md" >}})
+8. [How To Use NoSQL Injection To Overwrite The Redis Keys]({{< ref "/posts/nosql-injection.md" >}})
+9. [Nahamcon CTF 2024 Crypto writeup — Magic RSA, Encryption Server]({{< ref "/posts/nahamconctf-2024-crypto.md" >}})
+10. [Reverse Engineering — Malware Analysis — 1]({{< ref "/posts/re-ml-1.md" >}})
+11. [XSS bypassing Modsecruity WAF]({{< ref "/posts/modsecurity-xss.md" >}})
+12. [CVE in AppSamvid thick client app]({{< ref "/posts/appsamvid-cve.md" >}})

content/posts.md

@@ -0,0 +1,11 @@
++++
+title = "CVE in AppSamvid thick client app"
+type = "post"
+date = "2024-09-21"
+[ author ]
+  name = "Mukund Kedia"
++++
+
+Found vulnerabilities while checking the AppSamvid application with my colleague [Avinash](https://www.linkedin.com/in/avinash-kumar22/).
+
+[https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0081](https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0081)

content/posts/appsamvid-cve.md

@@ -0,0 +1,11 @@
++++
+title = "ASP.NET Security"
+type = "post"
+date = "2024-09-21"
+[ author ]
+  name = "Mukund Kedia"
++++
+
+Learning few things about security implementation in ASP.NET for source code review.
+
+[https://medium.com/@devplayer55221/asp-net-security-c51db01f5faf](https://medium.com/@devplayer55221/asp-net-security-c51db01f5faf)

content/posts/aspdotnet-security.md

@@ -0,0 +1,11 @@
++++
+title = "Decoding Digital Personal Data Protection Act For Organizations"
+type = "post"
+date = "2024-09-21"
+[ author ]
+  name = "Mukund Kedia"
++++
+
+Gone through the new Digital Personal Data Protection Act and wrote an article that could be helpful to the organziations.
+
+[https://payatu.com/blog/decoding-digital-personal-data-protection-act-for-organizations](https://payatu.com/blog/decoding-digital-personal-data-protection-act-for-organizations)

content/posts/decoding-dpda.md

@@ -0,0 +1,11 @@
++++
+title = "HackTheBox Business CTF 2023 – Crypto"
+type = "post"
+date = "2024-09-21"
+[ author ]
+  name = "Mukund Kedia"
++++
+
+Our team 'Payatu Bandits' played the HTB Business CTF 2023 and I solved one of the Crypto challenge.
+
+[https://payatu.com/blog/hackthebox-business-ctf-2023-crypto](https://payatu.com/blog/hackthebox-business-ctf-2023-crypto)

content/posts/htb-businessctf-2023-crypto.md

@@ -0,0 +1,11 @@
++++
+title = "Understanding HTTP Request Smuggling With Hop-To-Hop Headers"
+type = "post"
+date = "2024-09-21"
+[ author ]
+  name = "Mukund Kedia"
++++
+
+HTTP Request Smuggling could occur using Hop-To-Hop Headers that lead to Cache Poisoning.
+
+[https://payatu.com/blog/http-request-smuggling/](https://payatu.com/blog/http-request-smuggling/)

content/posts/http-request-smuggling.md

@@ -0,0 +1,13 @@
++++
+title = "XSS bypassing ModSecurity WAF"
+type = "post"
+date = "2024-09-21"
+[ author ]
+  name = "Mukund Kedia"
++++
+
+Found an XSS payload that bypassed the ModSecurity coreruleset.
+
+It is fixed now.
+
+[https://github.com/coreruleset/coreruleset/issues/3381](https://github.com/coreruleset/coreruleset/issues/3381)

content/posts/modsecurity-xss.md

@@ -0,0 +1,11 @@
++++
+title = "Nahamcon CTF 2024 Crypto writeup — Magic RSA, Encryption Server"
+type = "post"
+date = "2024-09-21"
+[ author ]
+  name = "Mukund Kedia"
++++
+
+Solved two Crypto challenges in Nahamcon CTF 2024. Here are the writeups of those.
+
+[https://medium.com/@devplayer55221/nahamcon-ctf-2024-crypto-writeup-magic-rsa-encryption-server-6edd1cd9704f](https://medium.com/@devplayer55221/nahamcon-ctf-2024-crypto-writeup-magic-rsa-encryption-server-6edd1cd9704f)

content/posts/nahamconctf-2024-crypto.md

@@ -0,0 +1,11 @@
++++
+title = "How To Use NoSQL Injection To Overwrite The Redis Keys"
+type = "post"
+date = "2024-09-21"
+[ author ]
+  name = "Mukund Kedia"
++++
+
+NoSQL Injection demonstration on Redis.
+
+[https://payatu.com/blog/nosql-injection/](https://payatu.com/blog/nosql-injection/)