API Pentesting (TryHackMe)
Link to the Walkthrough & Challenge on TryHackMe: API Pentesting Introduction An API (Application Programming Interface) is a structured interface that enables software components to communicate with

Articles tagged with #idor
Lover Letter Locker is a Valentine's-themed web application that allows users to create and store love letters. The challenge description hints at privacy concerns with "For your eyes only?" - suggest

After exploring IAAA (Identity, Authentication, Authorization, and Accountability) failures in the previous room, I moved on to what many consider the most challenging category of vulnerabilities to fix: Application Design Flaws. Unlike authenticatio...

In this write-up, we’ll walk through the “IDOR on the Shelf” challenge and break down the key concepts behind Insecure Direct Object References. Rather than just following the steps mechanically, we’ll explore why IDOR happens, how to identify it in ...

This challenge presented a web application that at first glance appeared to be static, with a single background image and minimal interactive content. Enumeration using tools like Gobuster didn’t reveal much, but manually inspecting the page source u...

In this challenge, we explore a vulnerable cloud authentication service called Authentication Anywhere — a fictional login platform promising secure access from anywhere. But is it truly secure? 🤔 With the mention of IDOR (Insecure Direct Object Ref...