PROMO
Limited Time: Get 40% Off a Comprehensive Pentest for AI and LLM Applications

Shubham Chaskar

Shubham Chaskar is a core pentester with extensive experience as an application security engineer. He holds certifications including CEH, eCPPTv2, and eWPTXv2. He has experience penetration testing mobile apps, web applications, networks, cloud configurations, and thick-client apps. Bash, Python, Go, and PowerShell are his favorite programming languages for automating penetration testing.

Remote Code Execution: A Pentester's Guide to RCE

July 16, 2025
Est Read Time: 3 min
Remote code execution (RCE) is a vulnerability that allows attackers to remotely execute commands on a server over the...
Pentester Guides

Pentester Guide: Weak or Default Credentials

September 24, 2024
Est Read Time: 4 min
Weak or default credentials are a common security flaw that attackers can exploit with minimal effort. They often lead...
Pentester Guides

OAuth Vulnerabilities Pt. 2

March 20, 2023
Est Read Time: 10 min
OAuth is a widely-used protocol that enables users to authorize third-party applications to access their data from other services, such as social media or cloud storage. However, like any technology, OAuth is not immune to vulnerabilities. This is Pt. 2 of a two-part series by Core Pentester Shubham Chaskar.
Cobalt Core Pentester Guides

OAuth Vulnerabilities Pt. 1

January 23, 2023
Est Read Time: 10 min
Welcome to part one of OAuth Vulnerabilities. Core Pentester Shubham Chaskar gives an overview of OAuth, commonly used grant types, entities, misconfiguration, and more.
Pentester Guides

The Guide to Understanding Content Security Policy (CSP) and Bypass Exploits

October 12, 2022
Est Read Time: 9 min
This blog post aims to demonstrate what CSP is, why CSP is implemented, and how attackers can bypass CSP. In this article, I will include how you can bypass some directives to achieve XSS on the target application.
Cobalt Core Pentester Guides

File Upload Vulnerabilities

August 24, 2022
Est Read Time: 9 min
This blog aims to demonstrate how applications can be compromised using simple file upload functionalities. Core Pentester Shubham Chaskar will show how to bypass common defense mechanisms and upload web shells.
Cobalt Core Pentester Guides

Attacking Windows Applications Pt. 2

August 4, 2022
Est Read Time: 10 min
Welcome to the second part of the blog series "Attacking Windows Applications." In this blog, we go more in-depth on attacking these applications and the tools used.
Cobalt Core Pentester Guides

Attacking Windows Applications – Part 1

July 8, 2022
Est Read Time: 10 min
In this two-part blog series, we will give an overview of thick client applications and the type of architecture present.
Cobalt Core