Dantae

DantaeSecurity research, tooling, and field notes.https://dantae.dev/enHello, Worldhttps://dantae.dev/blog/welcome/https://dantae.dev/blog/welcome/Why I'm starting this blog and what to expect — security research, tooling, CTFs, and everything in between.Mon, 01 Jun 2026 00:00:00 GMTblogmetaintroMy CTF Toolkit in 2026https://dantae.dev/blog/my-ctf-toolkit/https://dantae.dev/blog/my-ctf-toolkit/The tools and scripts I actually reach for during CTF competitions, and how I think about building a toolkit.Wed, 20 May 2026 00:00:00 GMTblogctftoolsreconwebpwnAuthentication Bypass via HTTP Parameter Pollutionhttps://dantae.dev/research/http-parameter-pollution/https://dantae.dev/research/http-parameter-pollution/How duplicate query parameters can trick authentication middleware into granting access to protected resources — a look at the vulnerability, exploitation, and remediation.Sun, 10 May 2026 00:00:00 GMTresearchwebauthenticationhppbypassmiddlewareOSINT Toolshttps://dantae.dev/notes/recon/osint-tools/https://dantae.dev/notes/recon/osint-tools/Passive reconnaissance tools and techniques for target profiling.Sun, 10 May 2026 00:00:00 GMTnotesosintreconpassiveDNS Enumerationhttps://dantae.dev/notes/network/dns-enumeration/https://dantae.dev/notes/network/dns-enumeration/Zone transfers, brute-forcing subdomains, and passive DNS recon.Fri, 01 May 2026 00:00:00 GMTnotesdnsnetworkreconenumerationPort Scanning Techniqueshttps://dantae.dev/notes/network/port-scanning/https://dantae.dev/notes/network/port-scanning/SYN, UDP, version detection, and OS fingerprinting — when to use which.Mon, 20 Apr 2026 00:00:00 GMTnotesnetworkscanningreconNmap Quick Referencehttps://dantae.dev/notes/network/nmap-quick-reference/https://dantae.dev/notes/network/nmap-quick-reference/The nmap flags and scan patterns I actually reach for, organized by task. Not exhaustive, just useful.Wed, 15 Apr 2026 00:00:00 GMTnotesnmapreconnetworkcheatsheetCross-Site Scripting (XSS)https://dantae.dev/notes/web/xss/https://dantae.dev/notes/web/xss/Reflected, stored, and DOM-based XSS — payloads and bypass patterns.Sun, 12 Apr 2026 00:00:00 GMTnoteswebxssinjectionSQL Injectionhttps://dantae.dev/notes/web/sql-injection/https://dantae.dev/notes/web/sql-injection/Detection, exploitation, and bypass techniques for SQLi.Fri, 10 Apr 2026 00:00:00 GMTnoteswebsqliinjection