Manuel Saraceni / Blog
Cybersecurity notes, tools documentation, CTF writeups, and project showcases.
Recent Posts
Chrome Zero-Day Vulnerability
Analysis of a critical Chrome zero-day vulnerability — CVE details, impact, and mitigation strategies.
TryHackMe: Billing
Writeup for the Billing room on TryHackMe — exploitation of a billing application vulnerability.
TryHackMe: Airplane
Writeup for the Airplane room on TryHackMe — LFI exploitation and privilege escalation.
DNS Zone Transfer
A deep dive into DNS Zone Transfer (AXFR) misconfiguration, how to exploit it during penetration tests, and how to secure against it.
dnsEnum
A powerful multithreaded Perl script for DNS enumeration and information gathering.
Recon-ng
A powerful modular OSINT and reconnaissance framework with a Metasploit-like interface.
Dig
The Domain Information Groper (dig) is one of the most powerful command-line tools for querying DNS records.
Fierce
DNS reconnaissance tool for discovering subdomains, IP ranges, and network information of a target domain.
Sublist3r
Python tool for enumerating subdomains using OSINT techniques via multiple search engines and services.
Gobuster
A fast directory and DNS subdomain brute-forcing tool written in Go.
FFUF
Fast and flexible fuzzing tool for web applications written in Go.
Nmap
The ultimate network scanning tool for host discovery, port scanning, OS detection, and vulnerability assessment.