Early Mechanical Devices: The First Steps in Calculation Imagine you’re in ancient times, and you need to count a large number of items. How would you do it? This was the challenge that led to the creation of the abacus. Picture a frame with beads that slide on rods. By moving these beads, people could…
In this article Iβm going to share tools, my findings and tricks that I was able to gather. Letβs imagine that you have only one or few picture of person that you are looking for. It can be also video, or snapshots captured from a video. You can find below the list of the resources…
This will be an unusual blog post. We will talk about probably the most important peace of Information in Computing – BIT. What is a Bit? Essentially, Bit represents the smallest amount of electricity – either it is present (bit 1) or it is not (bit 0). A bit is also the smallest unit of…
Today we will cover one of the more interesting attack vectors – XXE. What is XXE? XXE, or XML External Entity Injection, is a type of security vulnerability that occurs when an application processes untrusted XML input. Attackers exploit this by including malicious code in XML data, often leading to serious consequences like reading server…
Web Cache Poisoning might sound like something straight out of a security conference talk, but it’s a real threat that can cause serious headaches. Recently, a vulnerability was found on the Shopify theme store website, https://themes.shopify.com, where an attacker could poison the cache by manipulating the Host header. What Is Web Cache Poisoning? Letβs break…
I’ve seen lot of social engineering / phishing campaigns that try to trick you to go some unsavory places, but rarely do they look convincing. So lets see how can we trick people into clicking on that link. https://[email protected] Now if you click the above link using Firefox browser – you will get a notification…
Have you ever wondered why a website you visit can’t access your cookies or session data from other sites you have open, like Facebook or Instagram? That’s thanks to the Same-Origin Policy. This policy restricts how one website can interact with resources from another website in your browser, ensuring your data remains secure and private.…
Content Security Policy (CSP) is one powerful setting that helps to defend your website. It particularly defends your site from vulnerabilities such as Cross-Site Scripting (XSS) and data injection attacks. It works by defining which sources of content are allowed to be loaded and executed on your web pages. How CSP Works CSP is implemented…
Rarely talked about, this is an interesting vulnerability. In 2012, GitHub faced a significant Mass Assignment vulnerability. An attacker discovered that GitHub’s enterprise system allowed users to set arbitrary parameters, including the admin flag, during account creation. The attacker exploited this by including the admin parameter in the account registration request, granting themselves administrative privileges.…
HTTP Request Smuggling occurs when an attacker exploits inconsistencies in how different web servers handle multiple HTTP requests sent in a single packet. This can lead to various types of attacks, including: HTTP Request Smuggling typically exploits the difference in interpretation of Content-Length and Transfer-Encoding headers between two servers. By carefully crafting HTTP requests, attackers…
