Welcome🖐 | Ren’s Cyber Sec

XSS (Cross site scripting)

Victim visit malicious URL/site to trigger the payload made of JavaScript. Causing their session to be controlled or data to be stolen

By Ren Sie

Posted on September 15, 2025

Cross-site scripting (XSS) is a web security flaw where attackers inject malicious scripts into trusted websites, which then execute in the browsers of unsuspecting users. This exploitation allows attackers to steal sensitive data, hijack user sessions, or manipulate website content by taking advantage of web applications that do not properly... [Read More]

LDAP Injection

LDAP allow attacker to bypass the authentication to retrieve user’s data or perform RCE

By Ren Sie

Posted on July 31, 2025

LDAPi is very similar to other injection (E.g., SQLi, NoSQL, OSi). It allow attacker to bypass the authentication to retrieve user’s data or perform RCE [Read More]

Command Injection

Application taking input from the user. Then passing the input to the function which executes as the code

By Ren Sie

Posted on July 31, 2025

Injection Type: Basic Blind Out of Band [Read More]

XXE (XML External Entities) Injection

How malicious user can abouse External Entities to perform XXE

By Ren Sie

Posted on July 30, 2025

The method isn’t as popular as others because of the patches. But if comes across with application that access and passing XML, worth trying! [Read More]

Insecure deserialization

Insert serialized malicious command, and it triggers when the application deserialization.

By Ren Sie

Posted on July 30, 2025

The attack can lead to RCE, privilege escalation, arbitrary file access, and denial-of-service attacks. [Read More]