
DVWA Index
Index to all Shieldia DVWA content

Welcome to this issue of the Shieldia blog. Today we will be doing the Mr Robot CTF on TryHackMe. We will recon the target, enumerate the username with ffuf, brute force the credentials, catch a re...

Welcome to this Shieldia writeup for the 0day room on TryHackMe. I demonstrate how to identify and exploit the vulnerabilities with Nmap, ffuf, Nikto, and Metasploit. The Blue Team sections demonst...

In today’s post you will learn how to create and upload a PHP reverse shell to the DVWA. I introduce Villain as a Command & Control framework. Of course there are some new detection bypass tech...

In today’s post you will learn how to exploit the File Inclusion in the DVWA on Medium security. I demonstrate how to bypass the filters put in place to try to prevent the exploit. There is a small OW...

Prerequisites: If you don’t currently have a Damn Vulnerable Web Application (DVWA) instance you can follow along at home with a simple git clone & vagrant up if your host system meets the minim...

In today’s post you will learn how to Command Inject the DVWA on Medium Security. I provide novel OWASP CRS ModSecurity WAF bypasses; one to run the commands id or who, one generic command injection tha...

Today you will learn how to bypass the ModSecurity WAF and obfuscate ffuf to brute force the challenge on Medium Security. I demonstrate how to use ffuf to enumerate a directory if you are being bl...

The first post in the DVWA Medium Security Shieldia blog series. Today I demonstrate how to obfuscate the reconnaissance phase to give the defenders even less time to react. Active network reconnai...

In this final DVWA Low Sec blog post I demonstrate how to decode the secret “Encrypted” message. I also introduce how you can use CyberChef to help identify if a string is encrypted or just encoded...