The Journey of Computing

Early Mechanical Devices: The First Steps in Calculation Imagine you’re in ancient times, and you need to count a large number of items. How would you do it? This was the challenge that led to the creation of the abacus. Picture a frame with beads that slide on rods. By moving these beads, people could

The Cornerstone of Computing

This will be an unusual blog post. We will talk about probably the most important peace of Information in Computing – BIT. What is a Bit? Essentially, Bit represents the smallest amount of electricity – either it is present (bit 1) or it is not (bit 0). A bit is also the smallest unit of

XXE – XML External Entities

Today we will cover one of the more interesting attack vectors – XXE. What is XXE? XXE, or XML External Entity Injection, is a type of security vulnerability that occurs when an application processes untrusted XML input. Attackers exploit this by including malicious code in XML data, often leading to serious consequences like reading server

Web Cache Poisoning via Host Header

Web Cache Poisoning might sound like something straight out of a security conference talk, but it’s a real threat that can cause serious headaches. Recently, a vulnerability was found on the Shopify theme store website, https://themes.shopify.com, where an attacker could poison the cache by manipulating the Host header. What Is Web Cache Poisoning? Let’s break

URL Magic

I’ve seen lot of social engineering / phishing campaigns that try to trick you to go some unsavory places, but rarely do they look convincing. So lets see how can we trick people into clicking on that link. https://[email protected] Now if you click the above link using Firefox browser – you will get a notification

What is Same-Origin Policy (SOP)?

Have you ever wondered why a website you visit can’t access your cookies or session data from other sites you have open, like Facebook or Instagram? That’s thanks to the Same-Origin Policy. This policy restricts how one website can interact with resources from another website in your browser, ensuring your data remains secure and private.

Content Security Policy (CSP)?

Content Security Policy (CSP) is one powerful setting that helps to defend your website. It particularly defends your site from vulnerabilities such as Cross-Site Scripting (XSS) and data injection attacks. It works by defining which sources of content are allowed to be loaded and executed on your web pages. How CSP Works CSP is implemented

Mass Assignment Vulnerabilities

Rarely talked about, this is an interesting vulnerability. In 2012, GitHub faced a significant Mass Assignment vulnerability. An attacker discovered that GitHub’s enterprise system allowed users to set arbitrary parameters, including the admin flag, during account creation. The attacker exploited this by including the admin parameter in the account registration request, granting themselves administrative privileges.

HTTP Request Smuggling Overview

HTTP Request Smuggling occurs when an attacker exploits inconsistencies in how different web servers handle multiple HTTP requests sent in a single packet. This can lead to various types of attacks, including: HTTP Request Smuggling typically exploits the difference in interpretation of Content-Length and Transfer-Encoding headers between two servers. By carefully crafting HTTP requests, attackers

Hacking a WebServer – How?

When it comes to attacking web servers without any initial access, there are more ways than one may think of. Lets start from the most common and go from there: 1. Web Application Vulnerabilities Issues within the application itself can be exploited remotely to possibly gain control or access backend systems. Vulnerabilities such as SQL