XSS Through DNS Records
Learn how to execute XSS by hosting malicious payloads in different types of DNS records such as MX, NS, CNAME, and TXT.
Jul 21, 2022 Eric Labrador
All Posts
127 articles
PNPT Review - Practical Network Penetration Tester 2022
Complete review of TCM Security's PNPT certification: practical pentesting course, Active Directory, realistic 5-day exam, and my experience obtaining the certification.
Jul 4, 2022 Juan Antonio González Mena
CSRF vulnerability with no defenses – PortSwigger Write Up
Learn how to exploit a CSRF vulnerability without defenses in PortSwigger Lab. Step-by-step guide to create a malicious HTML page that changes the victim's email through Cross-Site Request Forgery.
Jun 14, 2022 Juan Antonio González Mena
How Cross-site Request Forgery (CSRF / XSRF) Works
Learn how the Cross-site Request Forgery (CSRF) attack works, its conditions, practical exploitation examples, and main defenses like CSRF tokens and the SameSite attribute.
Jun 13, 2022 Juan Antonio González Mena
CRTP + Bootcamp Review - Certified Red Team Professional 2022
Complete review of Altered Security's CRTP certification: course content, Active Directory labs, hands-on exam, and my experience as a Certified Red Team Professional.
Jun 10, 2022 Juan Antonio González Mena
What is Cross-Origin Resource Sharing (CORS)
Detailed explanation of Cross-Origin Resource Sharing (CORS), its HTTP headers, functionality, and potential configuration vulnerabilities in web applications.
May 9, 2022 Juan Antonio González Mena
Exploiting Cross-site Scripting to steal Cookies – PortSwigger Write Up
Learn how to exploit stored XSS vulnerabilities to steal session cookies and perform Session Hijacking in this PortSwigger lab.
May 5, 2022 Juan Antonio González Mena
Stored DOM XSS – PortSwigger Write Up
Learn how to exploit stored DOM XSS vulnerabilities in the comments functionality and how to bypass JavaScript's replace() method.
May 4, 2022 Juan Antonio González Mena
Reflected DOM XSS – PortSwigger Write Up
Learn how to exploit a Reflected DOM XSS vulnerability in PortSwigger Lab. Step-by-step guide to identify and exploit an insecure script that processes reflected data in the DOM in a vulnerable way.
May 3, 2022 Juan Antonio González Mena