HTTP Request Smuggling occurs when an attacker exploits inconsistencies in how different web servers handle multiple HTTP requests sent in a single packet. This can lead to various types of attacks, including: HTTP Request Smuggling typically exploits the difference in interpretation of Content-Length and Transfer-Encoding headers between two servers. By carefully crafting HTTP requests, attackers…
When it comes to attacking web servers without any initial access, there are more ways than one may think of. Lets start from the most common and go from there: 1. Web Application Vulnerabilities Issues within the application itself can be exploited remotely to possibly gain control or access backend systems. Vulnerabilities such as SQL…
In the shadowy corners of the cybersecurity world, there thrived a hacker known for his unique blend of digital prowess and physical stealth. This hacker, who went by the alias “Cipher,” specialized in an often-overlooked aspect of security: physical penetration testing. Cipher’s job was to break into buildings, not just networks, to expose vulnerabilities in…
As the final bell rang, signaling the end of another mundane school day, Alex trudged out of the classroom, his backpack slung over his shoulder. The autumn sun cast long shadows across the schoolyard as he made his way home, kicking at stray leaves that littered the sidewalk. Chapter 1: A Routine Day Despite the…
We are going to delve deeper uncovering the hidden patterns in passwords. First of all, we need password datasets / breached lists of once hacked passwords. For our part 2 we will analyze the common password collections from known breaches that can be found in ‘seclists’ libraries. For the purpose of this article I wrote…
In the digital age, passwords serve as the gatekeepers to our virtual lives, safeguarding everything from personal correspondence to financial information. This article provides a detailed exploration of password patterns, incorporating extensive statistics, examples, and insights to paint a full picture of current trends and their implications for security. This is the part 1 of…
One of the most important skills hacker can have is the ability to read code. Exploit code, specifically. Understand it and have the ability to tinker with it. One great resource for such endeavors is www.exploit-db.com. Go there, try to read their code. You don’t have to understand every single bit and byte of it,…
Welcome to the second part of Python for penetration testing. Today, we embark on a noble quest: to check if the digital gates (ports, for the uninitiated) of our fortresses (servers, in tech-speak) are up or inviting trouble. Gathering Your Tools Before our adventure begins, ensure your satchel is equipped with Selenium and python-docx, potent…
Long before the internet, two brothers, FranΓ§ois and Joseph Blanc, pulled off the very first hack in history. This happened way back in 1834, when the coolest tech around was the telegraph. Sounds a bit surreal, but back then those telegraphs did not work with electromagnetic impulses. No, they were optical. The Blanc brothers’ scheme…
There is often a lot of confusion among many when it comes to the differences in cookies & sessions. In my arsenal of interview questions, I sometimes wielded this somewhat trick question like a gleaming sword of confusion. This wasn’t just any question; it was the litmus test to separate those who understand the simple…
