Kamil Vavra | @vavkamil

Offensive website security | Bug bounty | Ethical hacking

🕵️Whoami 💰Bug bounty 📖Blog 💻Tools 📢Talks 🏆LinkedIn 📩Contact

[email protected]:~$

Hi 👋,

welcome on my personal website! “This is it… this is where I belong…” I know everyone here… even if I’ve never met them, never talked to them, may never hear from them again… I know you all…

Latest post

WordPress Plugin Confusion: How an update can get you pwned

tl;dr: Like the novel “Dependency Confusion” supply chain attack, it is possible to take over internally developed WordPress plugins unclaimed on the wordpress.org registry. Updating the plugin might result in the RCE or installing a PHP backdoor. You can use wp_update_confusion.py to scan for potential targets. To protect your website,...

Recent posts


Content on this site is licensed under a Creative Commons Attribution 4.0 International License
🄯 2019‐2022 - @vavkamil - Open-source Github pages - Powered by Jekyll & The Hacker theme - Subscribe via RSS