My place on the web

CSP (Content Security Policy) is a security mechanism implemented in all modern popular web browsers. Its main purpose is to protect against frontend attacks – especially against XSS vulnerabilities. Some common mistakes made in the development of CSP policies make it possible to circumvent it. To make sure we haven't… Continue reading →

Enumeration tools such as DIRB require a specially prepared dictionary that sometimes contains hundreds of thousands of the most common folder and file names. It's technologies are constantly changing, and with them the paths to seemingly hidden content. In order to successfully carry out enumeration attacks, you need to complete… Continue reading →

When participating in bug rebellions or penetration tests- it is extremely important to obtain as much information as possible about the purpose of your attack. We call this the reconnaissance phase. Sometimes interesting effects can be achieved by referting to old, forgotten or seemingly hidden domains, subdomains or IP addresses…. Continue reading →

The following example password policy takes into account the state of the art about the performance and capabilities of various types of attacks on cryptographic systems in 2020. If possible, I will try to update it (when it turns out that it is already too weak). Static passwords in IT… Continue reading →

I guess most pentesters ask, "What's the least forth in penetration testing?" – accordingly replies that in writing reports of these tests. It is a rather tedious process, taking a long time and requiring you to describe the vulnerabilities found for different types of audience. I wrote about it here… Continue reading →

The ability to escalate permissions is a competence necessary in the work of any good hacker. In itself, this is often a rather time-consuming process and is worth automating if possible. We are helped here by a LinEnum.sh – extremely useful for escalating permissions on Linux systems. Permission escalation uses… Continue reading →

As we all know, the COVID-19 epidemic in our country is accelerating. So that we do not repeat the tragic scenario that we see in Italy whenever we can – let us stay at home. Various actions and fundraisers are being organised in response to the call for huge shortages… Continue reading →

Looking for information about print profiles for the new fiberlogy material, I did not find any ready-made for Prussia MK3/MK3S so I created my own and share them with anyone looking for one. Since polypropylene has a large shrinkage and sticks well only properly to itself, it is necessary to… Continue reading →

It is extremely time consuming to manually dig through the source code to identify all the outdated and vulnerable libraries of our web application. We can automate this task a bit with the Retire.js. It is available from both the browser(Chrome, Firefox)and the Burpa plugin. "Using components with known vulnerabilities"… Continue reading →

The following article attempts to address the topic of security policy making using the example of firewall and DNS. It can be used in your company in its entirety or as a model for further development. Firewall 1.Firewall is designed to increase the security of your organization by using:  … Continue reading →