Introduction to Browser Exploitation
Introduction to web browser exploitation: how JavaScript engines work, Chrome's security architecture, and common vulnerabilities.
Oct 23, 2024 Iván Cabrera Fresno
Web
13 articles
Unicode Characters in Burp Suite
Discover how to use Unicode characters in Burp Suite to bypass web application filters and improve your pentesting techniques.
Jul 28, 2023 Eric Labrador
XSS Through DNS Records
Learn how to execute XSS by hosting malicious payloads in different types of DNS records such as MX, NS, CNAME, and TXT.
Jul 21, 2022 Eric Labrador
How Cross-site Request Forgery (CSRF / XSRF) Works
Learn how the Cross-site Request Forgery (CSRF) attack works, its conditions, practical exploitation examples, and main defenses like CSRF tokens and the SameSite attribute.
Jun 13, 2022 Juan Antonio González Mena
What is Cross-Origin Resource Sharing (CORS)
Detailed explanation of Cross-Origin Resource Sharing (CORS), its HTTP headers, functionality, and potential configuration vulnerabilities in web applications.
May 9, 2022 Juan Antonio González Mena
How to Get Started in Bug Bounty
Complete guide to getting started in the bug bounty world, including platforms, tools, VPS, methodology, and tips for finding vulnerabilities.
Apr 1, 2022 Eric Labrador
How the Clickjacking Attack Works
Explanation of the Clickjacking attack (UI redressing), how it works through invisible iframes to trick users into performing unauthorized actions, and how to protect against it using X-Frame-Options and Content Security Policy.
Mar 28, 2022 Juan Antonio González Mena
What is the Same Origin Policy (SOP)
Detailed explanation of the Same Origin Policy (SOP), the security policy implemented by browsers to prevent interaction between resources from different origins, including practical examples and exceptions.
Mar 7, 2022 Juan Antonio González Mena
Introduction to SQL Injection
Complete guide on SQL Injection: SQL fundamentals, types of injections (Union-based, Error-based, Boolean-based, Time-based), exploitation techniques, and practical examples with code.
Feb 14, 2022 Juan Antonio González Mena