📚 ~/study - Cyber Deep Dives

107 posts

Comprehensive technical breakdowns of security concepts, vulnerabilities, and exploitation techniques. Each post is a complete guide from basics to advanced exploitation.

LDAP Injection Fundamentals: Search Filters & Exploitation Basics

Learn the anatomy of LDAP search filters, discover common injection vectors, and master safe testing techniques using ldapsearch, Burp Suite, and custom scripts. Ideal for security professionals preparing to assess directory services.

Docker Architecture & Image Layers: Fundamentals for Security Professionals

Learn Docker's client-server model, image vs container lifecycles, union file systems, layer hashing, Dockerfile best practices, inspection tools, namespaces, cgroups, and storage driver security, all essential for hardening container environments.

Advanced CSP Bypass Techniques: JSONP, unsafe-inline, Wildcards & Base-URI

Learn how attackers evade Content Security Policy using JSONP abuse, unsafe-inline nonce reuse, script-src wildcards, base-uri manipulation, and data/blob URLs. Includes practical examples, testing with Burp Suite, and mitigation strategies.

Client-Side Prototype Pollution Fundamentals (DOM) - Introductory Guide

Learn the basics of client-side prototype pollution, how it differs from server-side attacks, vulnerable JavaScript patterns, exploitation techniques, DOM-based XSS payloads, and CSP bypasses.

Server-Side Prototype Pollution in Node.js: Fundamentals and Exploitation

Learn how prototype chain manipulation in Node.js can lead to property pollution, privilege escalation, and WAF bypass. The guide covers vectors, detection, and mitigation for security professionals.

Advanced Cross-Site WebSocket Hijacking (CSWSH) - Techniques & Defenses

Learn how attackers manipulate Origin headers, subprotocols, and combine XSS/CSRF to hijack WebSocket sessions, discover vulnerable endpoints, craft malicious payloads, and exfiltrate data, plus robust mitigations.

Advanced Dirty COW Exploitation (CVE-2016-5195) - Full Walkthrough

A deep dive into the Dirty COW race-condition (CVE-2016-5195), covering internal mechanics, reliable exploit development, mitigation bypasses, post-exploitation cleanup and defensive detection.

Abusing the Docker Socket (/var/run/docker.sock) for Host Takeover

Learn how to locate, enumerate, and exploit the Docker Unix socket to run arbitrary Docker commands, spawn privileged containers, mount the host filesystem, and achieve persistent root access on the host. Includes defensive measures and real-world examples.

Exploiting Cloud Metadata via SSRF: AWS, Azure & GCP

Learn how SSRF can be leveraged to abuse cloud metadata services on AWS, Azure, and GCP, retrieve IAM credentials, bypass token protections, and evade network controls.

Wildcard Abuse in LDAP Filters: Bypassing Authentication

Learn how wildcard characters and logical operators can be abused in LDAP filter strings to bypass authentication, manipulate group membership, and alter attributes. The guide covers syntax, payload construction, testing, impact, and mitigation.

Understanding Docker Daemon Architecture & API - An Introductory Guide

Learn how the Docker daemon works, explore its REST API, socket listeners, authentication methods, and common security pitfalls. Ideal for security professionals familiar with Docker basics.

HTTP Request Smuggling - CL.TE Desynchronisation Explained

Learn the fundamentals of CL.TE (Content-Length vs Transfer-Encoding) request smuggling, how to craft payloads, set up a dual-server lab, detect anomalies, and leverage the technique for advanced attacks.

Linux Kernel Exploitation Fundamentals: Introductory Guide

Learn the core concepts of Linux kernel exploitation, from architecture and system calls to memory layout and common vulnerability classes. This guide equips security professionals with the knowledge to analyze, develop, and mitigate kernel bugs.

Exploiting CORS Misconfiguration: Credential Theft via Allow-Credentials Wildcard

Learn how a wildcard Access-Control-Allow-Origin combined with Access-Control-Allow-Credentials can be weaponised to steal cookies, bypass HttpOnly, and exfiltrate data. Includes attack recipes, detection tools, and hardening guidance.

Abusing Service Account Tokens for Kubernetes API Access

Learn how service account JWTs can be harvested, decoded, and leveraged to enumerate, escalate, and persist within a Kubernetes cluster, with practical examples and defensive guidance.

Using Impacket psexec.py for Remote Execution with NTLM Hashes

Learn how to harvest NTLM hashes, leverage Impacket's psexec.py for remote command execution, move laterally using Pass-the-Hash, and detect/mitigate these techniques in Windows environments.

SUID/SGID Binary Exploitation Lab Using GTFOBins - Introductory Guide

Learn to discover, analyze, and exploit SUID/SGID binaries on Linux, leverage GTFOBins for privilege escalation, bypass common mitigations, and craft a root shell payload in a hands-on lab.

Model Extraction Fundamentals: Querying Public APIs

Learn how attackers reconstruct ML models via public inference APIs, covering threat modeling, endpoint discovery, query crafting, parameter reconstruction, rate-limit evasion, automation scripts, and fidelity verification.

CORS Exploitation Fundamentals: Same-Origin Policy & Bypass Techniques

Learn how browsers enforce the Same-Origin Policy, dissect CORS headers, and master basic bypasses, from wildcard origins to WebSocket tricks, so you can assess and protect modern web applications.

Linux Capabilities 101: Fundamentals and Enumeration Guide

Learn what Linux capabilities are, how the three capability sets work, enumerate them on files and processes, and discover common misconfigurations that lead to privilege escalation.

Time-Based Blind SQL Injection: Exploiting Delays for Data Retrieval

Learn how to weaponize SQL timing functions to extract data from blind injection points, build reliable payloads, and defend your applications against this stealthy attack vector.

Advanced HTTP/2 Request Smuggling: Multi-Stream & Priority Frame Abuse

Explore how attackers abuse HTTP/2's multi-stream and priority mechanisms to smuggle malicious requests, bypass limits, and inject headers across streams. Includes a real-world CVE dissection and practical mitigation guidance.

Enumerating Service Account Tokens in Kubernetes Pods

Learn how to locate, read, and automate extraction of Kubernetes service account JWT tokens from pod containers, identify privileged accounts, and apply defensive controls. This guide blends theory with hands-on examples for security engineers.

Discovering the Kubernetes API Server Endpoint - An Intermediate Guide

Learn how to locate, interrogate, and safely interact with the Kubernetes API server endpoint. The guide walks through local cluster setup, URL discovery, TLS handling, proxy vs direct access, OpenAPI enumeration, and anonymous endpoint detection.

Frontend-Backend Desync Exploitation - Intermediate Guide

Learn how frontend-backend desynchronization works, craft malicious request chains, exploit real-world stacks, detect anomalies, and harden both load balancers and origin servers.

Intro to QUIC Protocol: Fundamentals, Handshake & Practical Setup

Learn the core building blocks of QUIC, its packet format, 0-RTT/1-RTT handshakes, version negotiation, transport parameters, and get hands-on with quic-go and msquic. Includes traffic capture, decoding, and security considerations.

Obfuscated Transfer-Encoding (TE.TE) Header Attack - Crafting & Exploitation

Learn how to weaponise malformed Transfer-Encoding headers, combine TE.TE with CL.TE for double-desync, evade detection with header obfuscation, and exploit real-world Nginx/Apache flaws using Burp, Smuggler and custom scripts.

Server-Side Template Injection (SSTI): Fundamentals & Attack Surface

Learn what SSTI is, how popular Python template engines work, how to fingerprint Jinja2, common injection vectors, attack-surface mapping, and the impact ranging from data leaks to remote code execution.

Transfer-Encoding Priority Desync (TE.CL) Fundamentals and Exploit Development

Learn the inner workings of TE.CL (Transfer-Encoding Priority Desync) attacks, how to craft reliable payloads, and practical mitigation strategies for modern HTTP stacks.

Introductory Guide to DOM-Based XSS Exploitation

Learn how DOM-based XSS works, identify dangerous sinks, craft reliable payloads, automate discovery, and bypass modern defenses. This guide equips security professionals with practical techniques and mitigation strategies.

HTTP/2 Downgrade Attacks: Forcing HTTP/1.1 to Bypass Defenses

Learn how attackers force HTTP/2 connections to fall back to HTTP/1.1, the mechanics behind downgrade, payload crafting, evasion of HTTP/2-aware controls, exfiltration tricks, and robust detection and mitigation techniques.

Union-Based SQL Injection: Column Enumeration and Data Extraction Techniques

Master union-based SQL injection: discover injection points, count columns, bypass filters, extract data with clever payloads, automate with sqlmap, evade WAFs, and dump sensitive tables.

Command Injection Basics: Finding Vulnerable Parameters & OS Detection

Learn how to spot command injection vectors in web requests, use OS-specific payloads for fingerprinting, and automate discovery with popular tools. This guide covers manual techniques, scripting, and mitigation best practices.

PwnKit (CVE-2021-4034) Deep Dive - Exploitation Techniques & Mitigations

Learn the internals of the PwnKit vulnerability, how to craft reliable exploits, and practical defenses. This guide covers vulnerability analysis, exploit development, real-world impact, and hands-on labs for security professionals.

Introductory Guide to Redis Architecture, Data Structures & Protocol

Learn Redis fundamentals, its core data types, the RESP wire protocol, authentication flow, essential commands, and default security-relevant settings, all framed for security professionals.

gopher:// Scheme Exploitation: Payloads, Bypasses & Automation

Learn how to craft gopher:// payloads, set up OOB listeners, evade strict filters, chain schemes for multi-stage attacks, and automate the process with Python or Go. This guide bridges theory and hands-on practice for security professionals.

MongoDB NoSQL Injection - Fundamentals, Exploitation, and Defense

An intermediate-level guide covering MongoDB query syntax, injection vectors, operator abuse, blind techniques, automated tools, JavaScript payloads, aggregation RCE, and post-exploitation data exfiltration.

Advanced Second-Order SQL Injection - Detection, Exploitation & Real-World Cases

Deep dive into second-order SQLi: threat model, data-flow discovery, persistent payload crafting, trigger techniques, bypassing defenses, automated detection with sqlmap, real-world case studies, and hardening recommendations.

Token Smuggling Fundamentals: Threat Model & Detection

Learn what token smuggling is, its threat model, common injection vectors, impact on session management, and detection techniques. This guide equips security professionals with the knowledge to spot and mitigate token-smuggling attacks.

Advanced Blind SSRF Exploitation: Multi-Stage OOB, Rate-Limit Bypass & Automation

Learn how to chain blind SSRF requests for multi-stage out-of-band attacks, defeat rate-limiting controls, and build automated frameworks that scale. Real-world examples, code snippets, and mitigation strategies are covered for security professionals.

Mastering CL.TE Desync: Content-Length vs Transfer-Encoding Exploitation

Learn how CL.TE HTTP request smuggling works, craft malicious payloads, detect vulnerable servers, and apply robust mitigations. Includes theory, hands-on labs, tools, and real-world case studies.

Active DNS Enumeration: dig, nslookup, host, fierce & dnsrecon

Learn how to harvest DNS data using dig, nslookup, host, fierce, and dnsrecon. The guide covers record types, scripting, wildcard detection, AXFR attempts, automation with bash/jq, and how to turn raw results into actionable intelligence.

Intro to Google Dorking: Mastering Basic Search Operators

Learn how Google’s advanced search operators work, how to craft precise dorks, and how to automate and protect against information leakage using practical examples and scripts.

Unconstrained Delegation Abuse: Exploiting Mis-configured SPNs

Learn how to locate SPNs with unconstrained delegation, request and forge Kerberos tickets using PowerView and Rubeus, and pivot to high-privilege accounts. Includes detection, mitigation, and hands-on labs.

WebSocket Tunneling for C2: Introductory Study Guide

Learn how WebSocket connections can be abused for command and control, from handshake fundamentals to building a minimal C2 server and evasion techniques. This guide offers practical code, detection tips, and real-world context for security professionals.

Reflected XSS Exploitation Basics - From Discovery to Data Extraction

Learn how to locate injectable vectors, craft reliable payloads, bypass trivial filters, verify execution with devtools, and harvest data via document.cookie and DOM manipulation in reflected XSS attacks.

Introspection Abuse: Harvesting the Full GraphQL Schema

Learn how to extract a complete GraphQL schema via introspection, automate collection, analyze for attack vectors, and combine with injection or auth-bypass techniques.

CSP Bypass Techniques: JSONP, Unsafe Inline, Wildcards, and Nonce Reuse

Learn how attackers subvert Content Security Policy using JSONP endpoints, unsafe-inline allowances, wildcard sources, and nonce reuse, and discover practical defenses and mitigation strategies.

Signing Malicious Drivers with Stolen Certificates - Intermediate Guide

Learn how Stuxnet harvested authentic Authenticode certificates, analyze them with certutil/OpenSSL, sign malicious drivers, bypass Windows enforcement, and detect signed driver abuse. Practical examples and defensive guidance included.

Stuxnet Architecture & Attack Surface - Introductory Study Guide

Learn Stuxnet’s historical backdrop, threat model, high-level architecture, targeted protocols, and design goals. Ideal for professionals with Windows malware and PLC basics.

Stuxnet Architecture and Attack Goals - Introductory Study Guide

Learn the high-level architecture of Stuxnet, its strategic sabotage objectives, key component interactions, and the multi-stage infection chain. Perfect for analysts familiar with Windows internals and PLC basics.

SSRF Fundamentals: Mapping the Attack Surface and Assessing Risk

Learn what Server-Side Request Forgery (SSRF) is, why it matters, and how to enumerate internal services, cloud metadata, and vulnerable parameters. Includes hands-on examples, mitigation tactics, and real-world CVE references.

Error-Based SQL Injection - From Theory to Automated Exploitation

Learn how error-based SQLi leaks data via DB error messages, craft reliable payloads, automate extraction with sqlmap, and defend your applications with robust mitigations.

Advanced HTTP/2 Stream Multiplexing Abuse: Multi-Request Exploitation for Privilege Escalation

Learn how attackers embed, interleave, and prioritize multiple HTTP/2 requests within a single stream to bypass defenses, exfiltrate data, and chain backend calls for privilege escalation.

Introductory Guide to HTTP/2 Request Smuggling

Learn the fundamentals of HTTP/2 request smuggling, from frame anatomy and HPACK abuse to practical crafting with h2c/curl, multiplexing tricks, detection, and mitigation.

Web Cache Deception Lab: Nginx + Cloudflare

Learn how cache deception works, craft deceptive URLs, configure Nginx, and test against Cloudflare. The guide covers cache key logic, path-confusion tricks, and detection methods for security professionals.

GraphQL Injection Fundamentals: Advanced Techniques and Mitigations

GraphQL Injection Fundamentals

Intro to Sudo Configuration & Enumeration: Basics Every Pentester Should Know

Understanding Sudo Configuration and Enumeration (Intro)

Understanding the CL.TE Desync Attack: Content-Length vs Transfer-Encoding Mismatch

Learn how CL.TE desynchronization works, craft malicious requests, test them with common tools, and identify vulnerable Apache/Nginx versions. Includes defenses, real-world impact, and hands-on labs.

Out-of-Band SQL Injection: DNS & HTTP Exfiltration Techniques

Learn how OOB SQLi leverages DNS and HTTP channels to steal data, automate payloads with sqlmap, detect traffic, and apply robust mitigations.

Exploiting Shopping Cart Race Conditions for Price Manipulation

Learn how to locate, analyze, and exploit TOCTOU race conditions in e-commerce shopping-cart APIs to alter product prices. The guide covers timing measurement, concurrent request generation, CSRF bypass, verification, and mitigation strategies.

XXE Injection Fundamentals: Entities, DTDs, and Parser Behaviors

Learn the core mechanics behind XML External Entity (XXE) attacks - from entity types and DTD syntax to how popular parsers resolve external entities. Includes hands-on payloads, testing tips, and mitigation best practices.

Django Template Engine SSTI → RCE via __import__ (Intermediate)

Learn how to weaponise Django's template engine to achieve remote code execution using the __import__ trick. The guide walks through rendering flow, auto-escaping bypasses, OS command execution and post-exploitation tactics.

Advanced SSTI: Deserialization Gadget Chains for RCE

Learn how deserialization gadget chains can be leveraged through Server-Side Template Injection to achieve remote code execution, generate Java and Python payloads, bypass sandbox filters, and maintain post-exploitation footholds.

Log Poisoning via LFI → Remote Code Execution: Techniques & Defenses

Learn how attackers turn writable web server logs into a weapon, inject PHP payloads through HTTP headers, bypass LFI filters, and achieve remote code execution. Includes detection, mitigation, and hands-on labs.

Advanced Guide to Crafting and Leveraging Golden Tickets with Mimikatz

Deep dive into creating, abusing, and persisting Golden Tickets. Learn extraction of the krbtgt hash, ticket forgery, injection, detection evasion, and post-exploitation use cases.

Escaping a Kubernetes Pod via Host PID Namespace

Learn how hostPID can be abused to break out of a pod, gain root on the host, and establish a persistent reverse shell. Includes enumeration, malicious pod specs, nsenter tricks, and mitigation.

Intermediate Guide to DNS Tunneling with Iodine

Learn how to install Iodine, configure BIND for DNS tunneling, encode traffic, obtain an interactive shell, evade defenses, and troubleshoot common issues.

Reflective DLL Injection with PowerShell & C# - In-Depth Guide

Learn how to craft, load, and stealthily execute reflective DLLs using PowerShell one-liners and C# in-memory techniques, bypass defenses, handle ASLR/DEP, and clean up traces.

Pass-the-Hash Fundamentals: Concept, Threat Model & Mitigation

Learn how NTLM challenge/response works, why hashes can be reused for authentication, and how attackers leverage Pass-the-Hash for lateral movement. Includes detection tips, practical examples, and mitigation strategies.

Docker Socket Abuse: Gaining Host Access via /var/run/docker.sock

Learn how attackers exploit the Docker daemon socket to run privileged containers, mount the host filesystem, and obtain a root shell on the host. The guide covers enumeration, malicious API calls, container breakout techniques, and robust mitigations.

Mastering Google Advanced Search Operators for OSINT

Learn how to wield Google’s powerful search operators (site:, inurl:, intitle:, intext:, filetype:, cache:, link:, related:, range:, before:, after:) to locate hidden assets, sensitive files, and misconfigurations. The guide covers combination techniques, quirks, automation, and defensive measures for security professionals.

API Endpoint Enumeration: From Discovery to Exploitation with Kiterunner, API-Guesser, Arjun & FuzzAPI

Learn how to systematically discover, enumerate, and fuzz API endpoints using DNS tricks, Swagger specs, GraphQL introspection, and automated tools like Kiterunner, API-Guesser, Arjun, and FuzzAPI. Includes practical code, defense tips, and real-world scenarios.

Cross-Site WebSocket Hijacking (CSWSH) - Exploitation Methodology

Learn how CSWSH works, how attackers force privileged WebSocket connections, bypass token checks, and how to defend against it with proper Origin validation, CSRF tokens, SameSite cookies, and CSP.

Intermediate Guide to Enumerating Amazon S3 Buckets

Learn practical techniques for discovering S3 buckets using AWS CLI, DNS tricks, open-source scanners, wordlist brute-forcing, and HTTP status analysis. Gain actionable insights to assess exposure and harden defenses.

Advanced Subdomain Takeover Exploitation and Persistence Guide

Learn how to discover, exploit, and maintain footholds on vulnerable subdomains across AWS, Azure, and GCP. The guide covers fingerprinting, payload crafting, automation, persistence, C2, and evasion techniques for seasoned offensive security professionals.

Finding Vulnerable Drivers on Windows Systems - A Practical Guide

Learn how to enumerate, analyze, and locate vulnerable Windows kernel drivers using built-in utilities, Sysinternals tools, and automated scripts. The guide covers metadata extraction, hash correlation with CVE sources, and defensive best practices.

Polyglot Files 101: Build a JPEG-PHP Hybrid for File-Upload Bypass

Learn how polyglot files work, explore JPEG internals, and craft a minimal JPEG+PHP file that executes on a vulnerable server. The guide covers signatures, embedding PHP in comments, verification, and bypassing basic content-type defenses.

Broken Logout Mechanisms: Logout CSRF & Token Reuse

Learn how missing CSRF protection on logout endpoints, token reuse, and double-submit cookie flaws enable attackers to force logouts, hijack sessions, and achieve full session fixation.

Scope & Rules of Engagement: From Bug Bounty to Enterprise Pentest

Learn how to define scope boundaries, craft ROE documents, secure legal authorizations, classify assets, manage communications, and handle scope changes for bug bounty programs and enterprise penetration tests.

Exploiting Broken Object Level Authorization (BOLA) in API-First Applications

Learn how BOLA weaknesses let attackers enumerate, access, and exfiltrate data from API-first services. The guide covers identifier theory, enumeration tactics, payload crafting, bypassing defenses, and chaining with other flaws for privilege escalation.

Direct System Prompt Override: DAN, Role Reversal & Exploitation Techniques

Learn how to hijack LLM system prompts using classic jailbreaks (DAN, Zero-Shot ReACT), role-reversal tricks, multi-stage chaining, and open-source model exploits, then walk through a lab that achieves arbitrary code execution via an LLM-driven tool.

Advanced Process Hollowing (RunPE) - Evasion Techniques & Real-World Exploit Walkthrough

Deep dive into creating a suspended process, unmapping its image, planting a malicious PE, manipulating thread context, and stealth tricks used by Cobalt Strike and custom malware. Includes post-exploitation C2 set-up.

Dirty COW (CVE-2016-5195) Exploitation Walkthrough

Mastering SUID/GUID Binary Abuse for Linux Privilege Escalation

Learn how to locate, analyze, and exploit SUID/GUID binaries on Linux systems. This guide covers discovery, known vulnerable binaries, custom payload crafting, library hijacking, and defensive hardening.

Fileless PowerShell Reverse Shells via WMI & AMSI Bypass – Advanced Guide

Fileless PowerShell Reverse Shells via WMI and AMSI Bypass - An Advanced Guide

Intro to Heap Memory Layout & Allocation Strategies

Learn the fundamentals of Linux heap organization, ptmalloc2 internals, chunk metadata, and common allocation patterns. Ideal for security pros building a solid base for heap exploitation.

Union-based SQL Injection: Enumeration, Exploitation, and Defense

Learn how to identify, enumerate, and exploit UNION-based SQL injection vulnerabilities, craft payloads, use sqlmap, and apply robust mitigations.

Exporting Plaintext Passwords from LSASS via sekurlsa::logonpasswords

Exporting Plaintext Passwords from LSASS using sekurlsa::logonpasswords

Mastering GTFOBins: Elevating Privileges & Crafting Reverse Shells on Linux

GTFOBins: abusing common Linux binaries for privilege escalation and reverse shells

Getting Started with THC Hydra: Installation, Modules, and Basic Usage

Learn how to install THC Hydra across platforms, master its command syntax, select and tune modules, craft optimal password lists, run and interpret credential tests, and troubleshoot common issues. This intro-level guide equips security professionals with practical, actionable knowledge.

Wireshark Fundamentals for Offensive Recon: Capture & Filter Traffic

Wireshark Basics: Capturing and Filtering Traffic for Offensive Recon

Getting Started with Metasploit Exploit Modules: Architecture, Creation, and Testing

Learn the inner workings of Metasploit's exploit modules, how to build a simple module from scratch, configure its metadata and options, and validate it using msfconsole. Ideal for professionals with basic Linux and exploitation knowledge.

Exploiting Unrestricted File Upload: PHP Web Shell Delivery

Learn how to locate vulnerable upload endpoints, craft stealthy PHP web shells, bypass common filters, and achieve persistent remote access using real-world tools and techniques.

Advanced Bypass Techniques for Command Injection Filters

Learn how to evade common command-injection filters using whitespace tricks, null-byte termination, encoding tricks, base64 payloads, command chaining, obfuscation, alternate interpreters, and automated testing with Burp Suite.

Intro to Stack Buffer Overflows: From Memory Layout to Exploit

Learn how stack memory is organized, spot vulnerable buffers, calculate precise offsets, craft tiny shellcode, inject it, and hijack control flow on Linux. This guide gives you hands-on examples, tooling tips, and mitigation strategies.

Detecting Blind Command Injection with Time-Based Payloads

Blind Command Injection: Detection via Time-Based Payloads

Command Injection Exploits with cURL & Netcat - Reverse Shell Guide

Learn how to weaponize OS command injection using cURL and Netcat to obtain reverse shells. The guide covers payload crafting for sh/bash/cmd, injection techniques, listener setup, filter bypasses, and reliability considerations.

Kerberoasting Deep Dive: Ticket Harvesting & Offline Cracking

Learn how Kerberoasting works, from Kerberos ticket flow to extracting TGS tickets, converting them for hashcat, detection, and mitigation strategies for enterprise environments.

Advanced DOM-Based XSS: Payloads, Bypass Techniques & Defenses

Deep dive into DOM-XSS attack surface, advanced payloads, filter evasion, automated discovery, and robust mitigations for security professionals.

Advanced OAuth 2.0 Authorization Code Flow Attacks & Defenses

Deep dive into sophisticated attacks on the OAuth 2.0 Authorization Code flow, including code interception, PKCE bypass, redirect manipulation, state weaknesses, token leakage, refresh token abuse, and client secret extraction, plus robust mitigation strategies.

Blind XXE Exploitation: Techniques, Chaining, and Hardening

Blind XXE Exploitation and Mitigations

Insecure Deserialization: Gadget Chains, Exploit Development, and Mitigations

Learn how insecure deserialization enables remote code execution through gadget chains, master discovery techniques for Java, PHP, and .NET, and apply defensive controls and detection methods to harden modern applications.

Advanced Web Cache Poisoning via Header Manipulation & Vary Bypass

Learn how HTTP header injection can corrupt cache keys, bypass Vary, and poison browsers, CDNs, and reverse proxies. Includes theory, exploitation steps, real-world cases, and hardening techniques.

Advanced JWT Attack Techniques: Algorithm & Key Confusion, Token Substitution

Deep dive into JWT attack vectors (algorithm confusion, key misuse, token substitution, JWK manipulation, storage flaws, and privilege escalation) plus detection, mitigation, and practical labs.

Advanced SSRF Exploitation of AWS Instance Metadata Service (IMDS)

Learn how SSRF can be leveraged to reach the AWS Instance Metadata Service, extract temporary IAM credentials, bypass IMDSv2, and pivot to full cloud account compromise. Includes attack techniques, detection, and hardening guidance for security teams.

Advanced HTTP Request Smuggling: Transfer-Encoding & Content-Length Desync Attacks

Deep dive into HTTP request smuggling mechanics, focusing on Transfer-Encoding vs. Content-Length conflicts, classic payload patterns, desynchronisation scenarios, exploitation steps, detection, mitigation, and real-world case studies.