June 30, 2020

Write your own ARP Spoofer in Python (part 2/2)

In part 1. we’ve built our spoofer. Now let’s build a lab to test it....

June 25, 2020

Write your own ARP Spoofer in Python (part 1/2)

For every popular technique there are already many convenient tools that can execute an attack for you, so why bother writing your own tools? Most probably they won’t be even...

May 28, 2020

Breaking out of a function context without () and // for XSS

Let’s say you’ve found something that could lead to relfected xss. You can inject unescaped characters in a piece of javascript on a page, for example:...

May 13, 2020

Two tips for html sanitizers testing

So, you’re looking for an xss, trying to bypass an html sanitizer with complex behavior? Here are two things you can start your testing with to grasp a better understanding...

April 29, 2020

Creating xxe payloads in xmp metadata

Recently I’ve read an interesting post that referenced this disclosed hackerone report about xxe in image upload functionality. This isn’t the most obvious place to look for xxes, so: How...