Insecure Deserialization Attacks
What is Serialization? Serialization is the process of converting an object in memory into a format that can be stored or transmitted. This format is often a sequence of bytes.…
Our Blog
HTTP Desync Attacks, Also known as HTTP Request Smuggling
HTTP Desync Attacks, also known as HTTP request smuggling, exploit inconsistencies in the interpretation of HTTP headers by different servers in a chain, such as between a front-end server (e.g.,…
A Nerd’s Guide To Cracking CTF Challenges Part-1
Introduction Capture the Flag (CTF) challenges are a popular way for cybersecurity enthusiasts to test their skills and learn new techniques. While they can be daunting for beginners, a systematic…
Burp 107: BurpSuite Decoder, Sequencer and Comparer
Decoder The Decoder tab can be used to encode, decode, and hash any selected text. Here is a simple login credentials for an example. I can select the first…
Burp 106: BurpSuite Intruder for Application Security Testing
Intruder is incredibly useful for automating attacks. For a useful walk-through of how it works, I will use one of the PortSwigger web academy labs as a demonstration. In…
Burp 105 : Burp Suite Repeater Guide
By right-clicking on a request and selecting Send to Repeater or doing so with the Action button in the proxy interception section, you can send requests to the repeater…
Burp 104 : Burp Suite Proxy Guide
The Proxy tab allows you to modify and send intercepted requests and view your request history. When you first view this tab you won’t have any intercepted requests and…
Burp 103 : Target Component
The Target tag allows you to view the site map of the target site, as well as what requests you’ve made and what findings you have found for each…