Category: Cyber Security
-

Introducing a New Website – haxor.rocks
I’m introducing a new website haxor.rocks to provide learning content for cybersecurity professionals. I’m compiling a list of techniques used by hackers. My first discussed technique is Zip Slip, a cool vulnerability about archives and directory traversal. It is a quick read. I hope you enjoy 🙂 Read More About Zip Slip on Haxor.Rocks
-

IDOR
I created my first video regarding web vulnerabilities: IDOR (Insecure Direct Object Reference). Feel free to check it out and leave a comment!
-

OWASP Top 10 Cheat Sheet
Here is a condensed and easy-to-read version of the OWASP Top 10. I hope you enjoy!
-

Pivot Chaining with SSH and SOCKS
This guide discusses how to chain pivots together to reach networks several layers deep from our starting host. Following Along I have an easy-to-use Lab on GitHub if you would like to follow along on a Linux machine. Setup is simple. Install docker-compose and run the following command: This will set up multiple Docker hosts, each…
-

Session Management for Web Apps
HTTP is a stateless protocol, meaning that each request does not save any information. When you log in to a web application, it must somehow maintain that you are logged in. One of the common approaches to that problem is using a session identifier. Important Qualities “HttpOnly” Session Cookie An HttpOnly cookie prevents JavaScript from accessing…
-

Getting the Most Out of Nmap
Nmap (Network Mapper) is one of the most utilized tools in penetration testing. This guide will discuss some awesome options and how to get the most out of using nmap. Starting Point Here is a starting point that you can utilize. Depending on your situation, you may need to modify or adapt the commands below.…
-

Attack: Local File Inclusion
Local File Inclusion (LFI) can occur within an application when input can affect what file is “included”. If the contents of a file are displayed, this could provide the attacker the opportunity to view files (maybe even sensitive ones) within the file system. Example Consider the following HTTP request to display a list of movies:…
-

How to Setup a Local HTTPS Nginx Reverse Proxy
Overview This guide provides details on how to set up a local HTTPS Nginx reverse proxy. This is useful when you want to secure HTTP traffic and allow multiple web apps to be served on common ports. Let’s get started! Nginx Setup This guide sets up a local HTTPS-secured environment. If your server is accessible…
