Offensive Security
HTTP is dead... Long live HTTP?!
In this post, I will continue on my last paper by showing the readers a severe HTTP request smuggling bug chain using a new gadget, as well as a few ways to exploit it.
PoC or GTFO.
Latest
Top 10 Web Attacks 2023 #8
Offensive Security
From Akamai to F5 to NTLM... with love.
In this post, I am going to show the readers how I was able to abuse Akamai so I could abuse F5 to steal internal data including authorization and session tokens from their customers.
Malware Development
Inline Assembly
In this post, we will cover introductory concepts regarding the usage of inline assembly. We'll look at what we mean by inline assembly, how to use inline assembly and some examples of inline assembly usage.
Malware Development
Writing your own RDI /sRDI loader using C and ASM
In this post, I am going to show the readers how to write their own RDI/sRDI loader in C, and then show how to optimize the code to make it fully position independent.
Offensive Security
Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike
In this post, I am going to show the readers how to build a fully automated C2 infrastructure using Terraform with Nebula's end-to-end encryption backend communication layer.
Offensive Security
From SKID to SAVAGE by abusing OST and Telegram services.
In this post, I am going to show readers how easy it is for up-and-coming threat actors to completely compromise, then possibly extort large companies with very little effort by abusing openly available resources.