☣ About

I am a young independent security researcher who is very passionate about application security since I was a kid. I am very interested in reverse engineering, exploit development and penetration testing. I started my life with a single quote 💉 at the age of 12. I’m not any nerd or any geek. Just a normal boy who loves to explore new things. Apart from that I love music.

I got acknowledged by many organizations including Microsoft, Apple, AT&T, Oracle, Adobe, Facebook, Nokia, Twitter, Sony, Ebay, SoundCloud, RedHat, Github, Huawei, Dell, Samsung, Intel, etc.

Me in news and other mentionings

Research

Author of BreakThiSQLi challenge series.


All my work included here are licensed under
Creative Commons Attribution-ShareAlike 3.0 Unported License

🌍 Contact me

Currently holds OSCP, eCRE, eWPTX, eCPPT, eWPT

(Completed 4 in a row, 2015 October – eCPPT, November – eCRE, December – eWPTX, 2017 January – OSCP)


offsec-student-certified-emblem-rgb-oscp
ewptx_certificate_sm


Made with 💖 in Sri Lanka 🇱🇰

Advertisements

15 thoughts on “☣ About

  1. Hi,could you please recommand some books about information security?I’m interested in this method but have no idea what to learn.Thanks!!

  2. I’m new students from ICT collage, n begin to study n intererst about PenTest, Forensic. Could you guide or give me some artikel or book.
    Thanks

  3. Hi,
    This blog is really impressive actually.
    The number of acknoledgments you have is too damn high… Congratz.

    If you can mail me the same things you mailed to the others before I would be thankful.

    I read your whitepaper about SQLi on insert/update/delete. It was really interesting but unfortunately most of the techniques seem to apply only on MySQL. Moreover, I think this is really straight forward and you should try to explain a little more what you do, and give some screenshot of what you obtain.
    For instance, the article about the linkedIn vulnerability was more comprehensible.

    Anyway, I think you should keep writing articles because you seem to have a talent in PenTest.

    Good luck for your studies.

  4. 不错的博客,我的QQ是297210281,虽然我会讲英语不过,如果你对我有兴趣应该会加我

  5. hai osanda ,

    i have been read your ebook about SQLi, very interesting but i have question in one part about SQLi especially at Insert statement. what’s type payload that we can add at insert statement ??
    for example i have web (vulnerable) for security test purpose. the form is only for insert statement for example “contact us”. it have 4 field and i set one field can be injected (no filtering character). now what we can do with this hole ?? if there’s is a page that display data from “contact us” then i can do more about SQli and lookup the result of injection , but the condition is not. there is no display page result for injection. may be you know ? need explain more , thank you 🙂

  6. i have been read your ebook about SQLi, very interesting but i have question in one part about SQLi especially at Insert statement. what’s type payload that we can add at insert statement ??
    for example i have web (vulnerable) for security test purpose. the form is only for insert statement for example “contact us”. it have 4 field and i set one field can be injected (no filtering character). now what we can do with this hole ?? if there’s is a page that display data from “contact us” then i can do more about SQli and lookup the result of injection , but the condition is not. there is no display page result for injection. may be you know ? need explain more , thank you 🙂

  7. Hello! I read your all posts and I was surprised because of your knowledge and your writing skils(Your posts are easy to understand. You are a good teacher to me! 🙂 ).
    I’ve been learned about XSS.
    I have a question about XSS. Would you like to response about my question?
    Could we bypass XSS filter even if we can’t use (it will remove in website), and encoding such as %lt or some unicode? (I got various fuzz date for XSS but I can’t find about this!)
    It is impossible to bypass ? 😦
    Thank you for reading my comment. I will wait your re-comment!
    (I want to send e-mail to you but I couldn’t find it. So I left a reply here. Sorry! Probably this is not good with this category…)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s