Articles Archives - Patch The Net

Articles

HTTP Request Smuggling Explained

HTTP Request Smuggling (HRS) is a type of attack that is gaining more and more attention in recent years. Its rise is fueled by the high prevalence of Cloud-based applications […]

View the post

spectnullbyteDecember 31, 2021December 31, 2021

Articles

XXE Attacks Explained

Out of the many attacks that threaten web applications today, XXE remains the one that is talked about the least. Although it gets far less attention than XSS or SQL […]

View the post

spectnullbyteDecember 12, 2021December 12, 2021

Tags: XML eXternal Entities XXE XXE Attack XXE Vulnerability

Articles

CSRF (Cross-Site Request Forgery) Explained

Cross-Site Request Forgery (CSRF or XSRF), also called Client-Side Request Forgery, is a type of attack that targets web applications. It allows an attacker to induce users into accessing and […]

View the post

spectnullbyteNovember 28, 2021November 28, 2021

Tags: client-side request forgery cross-site request forgery csrf csrf attack

Articles

A Quick Guide To Regular Expressions

Regular expressions are present in almost all programming languages (Python, PHP, Javascript…), as well as in Linux commands (grep, sed…) and in many other high-level languages and applications. So, why […]

View the post

spectnullbyteSeptember 26, 2021September 26, 2021

Tags: regex regular expression Regular expressions

Articles

Introduction to Cross-Site Scripting (XSS)

This article presents a great introduction for anyone trying to learn about Cross-Site Scripting (or XSS). You don’t need to be an expert to follow along. However, you do need […]

View the post

spectnullbyteAugust 13, 2021August 13, 2021

Tags: cross site scripting persistent xss reflected xss web application hacking xss

Articles

Using THC Hydra To Brute Force Login Forms

THC Hydra is a powerful tool to use against login forms. It can perform brute force and dictionary attacks against different types of applications and services. When a web application […]

View the post

spectnullbyteAugust 6, 2021August 6, 2021

Tags: brute force dictionary attack Hacking thc hydra

Articles

Linux Privilege Escalation: Three Easy Ways to Get a Root Shell

Once you’ve gained access to a Linux system, the next logical step is to perform privilege escalation. That is, to go from a user account with limited privileges to a […]

View the post

spectnullbyteJuly 30, 2021July 30, 2021

Tags: Linux Privilege Escalation root

Articles

Using John The Ripper To Crack Password Hashes

Every self-respecting pentester should have a powerful password cracker in their toolkit, and John the Ripper is simply the best cracker out there. Initially released in 1996 by Openwall, John […]

View the post

spectnullbyteJune 29, 2021June 29, 2021

Tags: john cracker john the ripper password cracking

Articles

Using Gobuster to Find Hidden Web Content

Directories and Files enumeration is one of the first steps that an attacker performs during web application pentesting. This step is necessary to identify potential hidden areas of a website […]

View the post

spectnullbyteApril 20, 2021April 20, 2021

Tags: directory enumeration gobuster web enumeration

Articles

Introduction to SQL Injection

SQL injection is often referenced as the most common type of attack on websites. It is being used extensively by hackers and pen-testers on web applications. The OWASP Top Ten […]

View the post

spectnullbyteApril 9, 2021April 9, 2021

Tags: Databases SQL SQL Injection SQLi