Rubén Santos García

Cybersecurity Engineer | OSCP | CRTO

I do offensive cybersecurity content, maybe not the best, but it's free :)
#infosec #cybersecurity #hacking

You can find me at https://www.kayssel.com/

Blog: https://www.kayssel.com/

OAuth account takeover doesn't need leaked tokens. No state param = CSRF to forced account linking. Loose redirect_uri matching = code theft via open redirect chains. Implicit flow puts tokens in browser history and Referer headers. PKCE bypass when not enforced server-side. SSRF via OpenID dynamic client registration. Six patterns, all with labs. https://www.kayssel.com/newsletter/issue-43/ #OAuth #BugBounty #Pentesting #websecurity #Offsec #InfoSec

OAuth 2.0: Six Ways the Authorization Flow Breaks

Missing state CSRF, redirect_uri hijacking, open redirect code theft, implicit flow token leakage, PKCE bypass, and SSRF via OpenID dynamic client registration

Kayssel

NoSQL doesn't mean no injection. MongoDB's $ne, $gt, $regex operators are injection primitives and most scanners miss them entirely. Auth bypass in one JSON body. Blind extraction via $regex one char at a time. $where for timing attacks when server-side JS is enabled. CouchDB Admin Party for legacy targets.

https://www.kayssel.com/newsletter/issue-42/

#infosec #cybersecurity

NoSQL Injection: Breaking MongoDB From the Inside

Operator injection, authentication bypass with $ne and $regex, blind boolean extraction, time-based $where detection, CouchDB default access, and automation tools

Kayssel

Redis with no auth + CONFIG access = shell in 5 commands. File write to SSH keys, cron, or webshell. No CVE needed. This week covers the full Redis attack chain, SSRF exploitation via Gopher protocol, Lua sandbox escape (CVE-2022-0543, CVSS 10.0 on Debian/Ubuntu), and Memcached data extraction.

https://www.kayssel.com/newsletter/issue-41/

#cybersecurity #infosec

Redis and Memcached: When Cache Becomes a Foothold

Unauthenticated access, file-write RCE, module loading, SSRF via Gopher, CVE-2022-0543 Lua sandbox escape, and Memcached data extraction

Kayssel

New issue: Race conditions aren't a fluke, they're a technique.

TOCTOU mechanics, limit overrun, multi-endpoint races, and the single-packet attack that kills network jitter via HTTP/2.

https://www.kayssel.com/newsletter/issue-40/

#BugBounty #WebSecurity #RedTeam #infosec

Race Conditions: When Timing Is Everything

TOCTOU mechanics, limit overrun attacks, multi-endpoint races, and the single-packet technique that makes all of this consistently exploitable

Kayssel

Enterprise WiFi without cracking passwords.

PEAP relay + wireless checklist 👇

https://www.kayssel.com/newsletter/issue-39/

#cybersecurity #infosec

WiFi Hacking 101: Wrapping Up the Series (Part 4)

PEAP relay attacks, ESSID stripping for WIDS bypass, and a complete wireless assessment checklist for enterprise engagements

Kayssel

Breaking into enterprise WiFi 🔓
802.1X, Evil Twin, credential capture, legacy EAP abuse & Pass-the-Hash.
Part 3 of the WiFi series 👇

https://www.kayssel.com/newsletter/issue-38/

#infosec #cybersecurity

WiFi Hacking 101: Exploiting Enterprise Networks (Part 3)

Breaking into 802.1X enterprise WiFi through credential capture, legacy method exploitation, and Pass-the-Hash attacks

Kayssel

WPA/WPA2 handshakes, PMKID, WPS, Evil Twins, and why WPA3 still isn’t bulletproof.

Part 2 of my WiFi attacks series is out 👇
Let’s keep breaking WiFi.

https://www.kayssel.com/newsletter/issue-37/

#cybersecurity #infosec #hacking

WiFi Hacking 101: WPA/WPA2 Cracking, PMKID, and WPS (Part 2)

From 4-way handshake capture to offline cracking: WPA/WPA2 attacks, PMKID exploitation, WPS vulnerabilities, and what WPA3 actually protects against

Kayssel

Pentesting starts with recon. nmap, nuclei, subdomains, SSL/TLS. This week’s newsletter breaks down the full infrastructure recon workflow from zero. Build the attack surface first

https://www.kayssel.com/newsletter/issue-36/

#pentesting #cybersecurity #infosec

Infrastructure Reconnaissance: Your First Steps in Network Pentesting

From nmap and nuclei to full infrastructure enumeration: a practical guide to discovering attack surface in bug bounty and pentesting

Kayssel

WiFi hacking isn’t magic. It’s fundamentals and proper hardware.

I wrote a practical guide on WiFi security testing.

Part 1 👇
https://www.kayssel.com/newsletter/issue-35/

#infosec #cybersecurity #pentesting

WiFi Hacking 101: Breaking Into Wireless Networks (Part 1)

A practical introduction to WiFi security testing covering the fundamentals, essential hardware, monitor mode, packet injection, and initial attack techniques

Kayssel

One payload. One object. 💥 RCE.

Deserialization bugs across Java, Python, PHP, .NET & React. Broken down and weaponized.

New newsletter 👇
https://www.kayssel.com/newsletter/issue-34/

#cybersecurity #infosec

Deserialization Attacks: When Objects Become Weapons

From Java gadget chains to Python pickle exploits: a practical guide to exploiting insecure deserialization for remote code execution

Kayssel