WEBINAR
Compliant vs. Secure: A CISO and CEO Discuss How to Manage Real-World Risk

Shubham Chaskar

Shubham Chaskar is a core pentester with extensive experience as an application security engineer. He holds certifications including CEH, eCPPTv2, and eWPTXv2. He has experience penetration testing mobile apps, web applications, networks, cloud configurations, and thick-client apps. Bash, Python, Go, and PowerShell are his favorite programming languages for automating penetration testing.

Remote Code Execution: A Pentester's Guide to RCE

Remote code execution (RCE) is a vulnerability that allows attackers to remotely execute commands on a server over the...
July 16, 2025
Est Read Time: 3 min

Pentester Guide: Weak or Default Credentials

Weak or default credentials are a common security flaw that attackers can exploit with minimal effort. They often lead...
September 24, 2024
Est Read Time: 4 min

OAuth Vulnerabilities Pt. 2

OAuth is a widely-used protocol that enables users to authorize third-party applications to access their data from other services, such as social media or cloud storage. However, like any technology, OAuth is not immune to vulnerabilities. This is Pt. 2 of a two-part series by Core Pentester Shubham Chaskar.
March 20, 2023
Est Read Time: 10 min

OAuth Vulnerabilities Pt. 1

Welcome to part one of OAuth Vulnerabilities. Core Pentester Shubham Chaskar overviews OAuth, commonly used grant types, entities, misconfiguration, and more.
January 23, 2023
Est Read Time: 10 min

The Guide to Understanding Content Security Policy (CSP) and Bypass Exploits

This blog post aims to demonstrate what CSP is, why CSP is implemented, and how attackers can bypass CSP. In this article, I will include how you can bypass some directives to achieve XSS on the target application.
October 12, 2022
Est Read Time: 9 min

File Upload Vulnerabilities

This blog aims to demonstrate how applications can be compromised using simple file upload functionalities. Core Pentester Shubham Chaskar will show how to bypass common defense mechanisms and upload web shells.
August 24, 2022
Est Read Time: 9 min

Attacking Windows Applications Pt. 2

Welcome to the second part of the blog series "Attacking Windows Applications." In this blog, we go more in-depth on attacking these applications and the tools used.
August 4, 2022
Est Read Time: 10 min

Attacking Windows Applications – Part 1

In this two-part blog series, we will discuss the overview of thick client applications and the type of architecture present.
July 8, 2022
Est Read Time: 10 min