Netcat (nc, ncat, or the swiss army knife of networking, as some might prefer to call it) is a command-line utility that every self-respecting pentester should carry under their belt. […]
Author: A. Boukar
Server-Side Request Forgery (SSRF) Explained
Server-Side Request Forgery (or SSRF) is an attack that consists of inducing a web application to send back-end requests to an unintended destination. Driven by the increasing popularity of Cloud […]
Chapter 12 – Bash Scripting
So far, we have been running commands interactively on the Linux CLI, one command at a time. Although we have configured some tasks to run at a predetermined schedule using […]
Host Header Injection Attacks
Host Header injection is not the type of attack that you would normally find in CTFs or security challenges. However, it is largely widespread in the wild web. It is […]
HTTP Request Smuggling Explained
HTTP Request Smuggling (HRS) is a type of attack that is gaining more and more attention in recent years. Its rise is fueled by the high prevalence of Cloud-based applications […]
XXE Attacks Explained
Out of the many attacks that threaten web applications today, XXE remains the one that is talked about the least. Although it gets far less attention than XSS or SQL […]
Chapter 11 – Schedule Tasks
We have learned a lot since we started this tutorial. We are starting to gain more confidence in operating a Linux system. However, so far, we have been limited to […]
CSRF (Cross-Site Request Forgery) Explained
Cross-Site Request Forgery (CSRF or XSRF), also called Client-Side Request Forgery, is a type of attack that targets web applications. It allows an attacker to induce users into accessing and […]
Chapter 10 – Vim
After having spent time learning the most important commands that we need to perform essential tasks on Linux, you should realize by now that using the command line interface on […]
A Quick Guide To Regular Expressions
Regular expressions are present in almost all programming languages (Python, PHP, Javascript…), as well as in Linux commands (grep, sed…) and in many other high-level languages and applications. So, why […]