https://dedsec-2.github.io/Recent content on DedsecHugoenSat, 09 May 2026 14:00:00 +0200https://dedsec-2.github.io/posts/client-side-auth-bypass-injection-chain/Sat, 09 May 2026 14:00:00 +0200https://dedsec-2.github.io/posts/client-side-auth-bypass-injection-chain/<h2 id="-intro">$ ./intro</h2> <p>Some targets look locked down at first glance. Login page, redirect on every protected URL, role-gated sections marked &ldquo;Not Authorized.&rdquo; You open Burp, run a few requests, and think <em>&ldquo;this is going to be a long day.&rdquo;</em></p> <p>Then you notice that none of the HTTP responses ever return a <code>302</code>. And your whole afternoon changes.</p> <p>This is a writeup of a web application penetration test against an internal manufacturing dashboard — a platform used by engineers, factory leads, and regional teams to track production data, file technical issues, and manage order queues. The application had a multi-role access model with pages supposedly gated behind authorization checks. What it did not have was any of those checks running on the server.</p>https://dedsec-2.github.io/posts/welcome/Sat, 09 May 2026 10:00:00 +0200https://dedsec-2.github.io/posts/welcome/<h2 id="-init">$ ./init</h2> <p>This blog will document offensive security engagements, techniques, and research.</p> <p>Topics covered:</p> <ul> <li>Web &amp; API penetration testing</li> <li>Active Directory exploitation</li> <li>Red team operations</li> <li>Mobile security</li> <li>Exploit development</li> </ul> <p>Stay tuned.</p>https://dedsec-2.github.io/about/Sat, 09 May 2026 00:00:00 +0000https://dedsec-2.github.io/about/<img src="https://dedsec-2.github.io/img/avatar.jpg" alt="Dedsec" style="width:220px; float:right; margin:0 0 1rem 2rem; border:none !important; padding:0 !important; background:transparent !important;" /> <h2 id="-about">$ ./about</h2> <p>Senior Offensive Security Consultant based in Egypt, focused on adversarial simulation and offensive research.</p> <p>This blog documents engagements, techniques, and research from real-world penetration testing — primarily web, API, Active Directory, and red team operations, with ongoing work in reverse engineering and exploit development.</p> <h2 id="-focus">$ ./focus</h2> <ul> <li><strong>Web &amp; API Security</strong> — application logic flaws, authentication and authorization bypasses, injection chains</li> <li><strong>Active Directory &amp; Red Teaming</strong> — full kill chain operations, credential access, lateral movement, privilege escalation</li> <li><strong>Mobile Security</strong> — Android dynamic analysis, static analysis, runtime instrumentation</li> <li><strong>Reverse Engineering &amp; Exploit Development</strong> — currently advancing through Ret2 Systems&rsquo; Software Exploitation curriculum</li> </ul> <h2>$ ./certifications</h2> <div style="display: grid; grid-template-columns: repeat(auto-fit, minmax(280px, 1fr)); gap: 0.75rem; margin: 1.5rem 0;"> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem; background: #000;"><strong style="color: var(--accent);">OSCP</strong><br/><small>Offensive Security Certified Professional</small></div> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem; background: #000;"><strong style="color: var(--accent);">CRTO</strong><br/><small>Certified Red Team Operator</small></div> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem; background: #000;"><strong style="color: var(--accent);">CRTP</strong><br/><small>Certified Red Team Professional</small></div> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem; background: #000;"><strong style="color: var(--accent);">HTB CPTS</strong><br/><small>Hack The Box Certified Penetration Testing Specialist</small></div> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem; background: #000;"><strong style="color: var(--accent);">CAPen</strong><br/><small>Certified AppSec Pentester · SecOps Group</small></div> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem; background: #000;"><strong style="color: var(--accent);">CNPen</strong><br/><small>Certified Network Pentester · SecOps Group</small></div> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem; background: #000;"><strong style="color: var(--accent);">eCPPTv2</strong><br/><small>eLearnSecurity Certified Professional Penetration Tester</small></div> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem; background: #000;"><strong style="color: var(--accent);">PT1</strong><br/><small>TryHackMe Penetration Tester I</small></div> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem; background: #000;"><strong style="color: var(--accent);">RastaLabs</strong><br/><small>Hack The Box ProLab</small></div> </div> <h2>$ ./domains</h2> <div style="display: grid; grid-template-columns: repeat(auto-fit, minmax(280px, 1fr)); gap: 0.75rem; margin: 1.5rem 0;"> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem;"> <strong style="color: var(--accent);">Web Application Pentesting</strong> <ul style="margin: 0.5rem 0 0 1rem; padding: 0;"> <li>OWASP Top 10</li> <li>Business logic flaws</li> <li>Authentication bypasses</li> <li>Injection chains (SQLi, SSTI, SSRF)</li> <li>Access control flaws</li> </ul> </div> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem;"> <strong style="color: var(--accent);">API Pentesting</strong> <ul style="margin: 0.5rem 0 0 1rem; padding: 0;"> <li>REST and GraphQL testing</li> <li>BOLA / IDOR exploitation</li> <li>Mass assignment</li> <li>JWT abuse</li> <li>Rate limiting bypass</li> </ul> </div> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem;"> <strong style="color: var(--accent);">Active Directory & Red Teaming</strong> <ul style="margin: 0.5rem 0 0 1rem; padding: 0;"> <li>Full kill chain operations</li> <li>Kerberos attacks (Kerberoasting, ASREP)</li> <li>NTDS.dit extraction</li> <li>Lateral movement and pivoting</li> <li>Cross-forest compromise</li> </ul> </div> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem;"> <strong style="color: var(--accent);">Network Pentesting</strong> <ul style="margin: 0.5rem 0 0 1rem; padding: 0;"> <li>Internal infrastructure assessment</li> <li>External perimeter testing</li> <li>Service exploitation</li> <li>SMB and LDAP abuse</li> <li>Post-exploitation enumeration</li> </ul> </div> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem;"> <strong style="color: var(--accent);">Mobile Pentesting</strong> <ul style="margin: 0.5rem 0 0 1rem; padding: 0;"> <li>Android dynamic analysis with Frida</li> <li>Static analysis with Jadx and MobSF</li> <li>Runtime instrumentation</li> <li>IPC and intent abuse</li> <li>Root detection bypass</li> </ul> </div> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem;"> <strong style="color: var(--accent);">Source Code Review</strong> <ul style="margin: 0.5rem 0 0 1rem; padding: 0;"> <li>White-box web app assessment</li> <li>API source review</li> <li>Java, .NET, PHP, Node.js</li> <li>Secure coding evaluation</li> <li>SAST integration</li> </ul> </div> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem;"> <strong style="color: var(--accent);">Desktop Application Pentesting</strong> <ul style="margin: 0.5rem 0 0 1rem; padding: 0;"> <li>Thick-client testing</li> <li>.NET reverse engineering</li> <li>Local privilege escalation</li> <li>Insecure deserialization</li> <li>IPC and DLL hijacking</li> </ul> </div> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem;"> <strong style="color: var(--accent);">Reverse Engineering</strong> <ul style="margin: 0.5rem 0 0 1rem; padding: 0;"> <li>Binary analysis (Ghidra, IDA)</li> <li>.NET decompilation (dnSpy)</li> <li>Malware analysis basics</li> <li>Protocol reverse engineering</li> <li>Anti-debugging bypass</li> </ul> </div> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem;"> <strong style="color: var(--accent);">Exploit Development</strong> <ul style="margin: 0.5rem 0 0 1rem; padding: 0;"> <li>Stack and heap overflows</li> <li>ROP chain construction</li> <li>Modern mitigation bypass</li> <li>Ret2 Systems curriculum</li> <li>Userland exploitation</li> </ul> </div> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem;"> <strong style="color: var(--accent);">Phishing & Social Engineering</strong> <ul style="margin: 0.5rem 0 0 1rem; padding: 0;"> <li>Adversarial campaigns</li> <li>Evilginx credential harvesting</li> <li>Multi-stage payload delivery</li> <li>Awareness assessments</li> <li>Pretext development</li> </ul> </div> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem;"> <strong style="color: var(--accent);">Configuration Reviews</strong> <ul style="margin: 0.5rem 0 0 1rem; padding: 0;"> <li>Firewall rule auditing</li> <li>Router and switch hardening</li> <li>Enterprise security solutions</li> <li>CIS benchmarks</li> <li>Network segmentation review</li> </ul> </div> <div style="border: 1px solid var(--accent); padding: 0.75rem 1rem;"> <strong style="color: var(--accent);">Vulnerability Assessment</strong> <ul style="margin: 0.5rem 0 0 1rem; padding: 0;"> <li>Tenable Nessus scans</li> <li>Nmap and service enumeration</li> <li>Manual validation</li> <li>Risk prioritization</li> <li>Remediation guidance</li> </ul> </div> </div> <h2 id="-experience">$ ./experience</h2> <ul> <li><strong>Senior Offensive Security Consultant</strong> — CyberTeq · Jun 2025 – Present</li> <li><strong>Offensive Security Engineer</strong> — EFG Holding · Jan 2024 – May 2025</li> <li><strong>Cyber Security Researcher</strong> — Resecurity · 2023</li> <li><strong>Penetration Tester</strong> — DOMINFOSEC SOLUTIONS LLP · 2023</li> </ul> <h2 id="-contact">$ ./contact</h2> <ul> <li>GitHub: <a href="https://github.com/DEDSEC-2">DEDSEC-2</a></li> <li>LinkedIn: <a href="https://linkedin.com/in/d3d53c/">Momen Mahmoud</a></li> <li>Email: momenmahmoud478 [at] gmail [dot] com</li> </ul> <hr> <p><em>Currently exploring exploit development and offensive AI research. Open to collaboration on offensive security writeups and tooling.</em></p>