{"@attributes":{"version":"2.0"},"channel":{"title":"Abdul Wahab","link":"https:\/\/d3vilbug.github.io\/","description":"Recent content on Abdul Wahab","generator":"Hugo","language":"en-us","lastBuildDate":"Tue, 16 Sep 2025 00:00:00 +0000","item":[{"title":"Witcher: Your Friendly Guide to Setting It Up in Your Environment","link":"https:\/\/d3vilbug.github.io\/posts\/witcher-guide\/","pubDate":"Tue, 16 Sep 2025 00:00:00 +0000","guid":"https:\/\/d3vilbug.github.io\/posts\/witcher-guide\/","description":"
\n

Note: This article was authored by me and originally published on Moonfare’s Official Blog<\/a> as part of my work at Moonfare. It is republished here on my personal blog with permission.<\/p><\/blockquote>\n

This blog post will guide you through setting up and running Witcher via CLI, along with automating routines using GitHub Actions.<\/p>\n

How to install Witcher<\/h2>\n
$ git clone git@github.com:mf-labs\/witcher.git\n<\/span><\/span>$ cd witcher\n<\/span><\/span>$ npm i\n<\/span><\/span><\/code><\/pre><\/div>
Setting Up Environment Variables<\/h2>\n
Set the following environment variables for running Witcher without SIEM, Slack and Jira support<\/p>"},{"title":"Witcher: Managing GitHub Advanced Security (GHAS) Controls at Scale","link":"https:\/\/d3vilbug.github.io\/posts\/witcher\/","pubDate":"Fri, 02 May 2025 00:00:00 +0000","guid":"https:\/\/d3vilbug.github.io\/posts\/witcher\/","description":"
\n
Note: This article was authored by me and originally published on Moonfare’s Official Blog<\/a> as part of my work at Moonfare. It is republished here on my personal blog with permission.<\/p><\/blockquote>\n
This post explores the limitations of GitHub Advanced Security (GHAS) and how Witcher<\/a> enhances security management by providing greater scalability, control, and efficiency across repositories.<\/p>\n
An Introduction to GitHub Advanced Security (GHAS)<\/h2>\n
GitHub Advanced Security (GHAS)<\/a> is a comprehensive security suite that enhances code security. It offers a range of features that integrate directly into the development workflow, protecting at the pull request (PR) level<\/strong> to identify and mitigate vulnerabilities early.<\/p>"},{"title":"SRePlay - Replay Protection Bypass","link":"https:\/\/d3vilbug.github.io\/posts\/sreplay\/","pubDate":"Fri, 23 Apr 2021 00:00:00 +0000","guid":"https:\/\/d3vilbug.github.io\/posts\/sreplay\/","description":"
Background<\/h2>\n
During a Pentest, we came across a scenario where the application was sending a token in response which will be used in the next request so that it can prevent request replay. On top of that, we can’t use macros to send requests for tokens due to limitations.<\/p>\n
To overcome this challenge, we developed a SRePlay<\/strong>, Burp Plugin to bypass Replay Protection<\/em><\/u> which will extract the value of the token from the last response and automatically update the future request with the new token on the fly resulting in Request Replay Protection bypass.<\/p>"},{"title":"Decrypting Mobile App Traffic using AES Killer and Frida","link":"https:\/\/d3vilbug.github.io\/posts\/aes-killer---mobile-app-demo\/","pubDate":"Mon, 19 Apr 2021 00:00:00 +0000","guid":"https:\/\/d3vilbug.github.io\/posts\/aes-killer---mobile-app-demo\/","description":"
In this post, I’ll be discussing how to decrypt the mobile app AES Encrypted traffic on the fly using AES Killer.<\/p>\n
Pre-requisites<\/h2>\n