Tools & Tutorials
Step-by-step tool guides — BloodHound, Burp, Metasploit, NetExec, Impacket.
DOM-Based XSS in 2026: Modern Frameworks and Trusted Types
DOM-XSS in modern frameworks — vulnerable sinks (innerHTML, dangerouslySetInnerHTML, v-html, [innerHTML]). Source-to-sink analysis with Semgrep + Burp DOM Invader. The Trusted Types…
Tools & TutorialsCORS Misconfigurations: Deep-Dive on the Common Bypasses
CORS misconfiguration patterns — reflective Origin with Allow-Credentials, null Origin trust, permissive subdomain wildcards, regex bypasses. Test commands, the safe pattern, Express.js…
Tools & TutorialsCSP Bypass Techniques in 2026 and the Safe Defaults
CSP bypasses — JSONP on trusted CDN, AngularJS sandbox, unsafe-inline, wildcard sources, data: URIs, path-based bypasses. The nonce + strict-dynamic + Trusted…
Tools & TutorialsPrototype Pollution Exploitation in JavaScript
Prototype pollution in lodash, jQuery, custom merge utilities. Detection with Semgrep, exploitation paths (auth bypass, RCE chains), the safe-merge pattern with Object.create(null).
Tools & TutorialsAdvanced JWT Attacks: kid Path Traversal, JWE Confusion, JWK Trust
Beyond alg:none — kid path traversal, kid SQL injection, jku/x5u trust confusion, embedded jwk header attacks, JWE algorithm confusion. jwt_tool workflow.
Tools & TutorialsWebSocket Security: Cross-Site Hijacking, Auth Gaps, Channel Leakage
WebSocket attacks — CSWSH (cross-site hijacking), per-message auth gaps, input validation, rate-limiting absence, broadcast channel leakage. Burp + wscat testing workflow.
Tools & TutorialsHTTP Request Smuggling: CL.TE, TE.CL, HTTP/2 Desync
Request smuggling variants — CL.TE, TE.CL, TE.TE with obfuscation, HTTP/2 desync. What attackers do (cache poisoning, auth bypass), Burp Smuggler workflow, HTTP/2…
Tools & TutorialsWeb Cache Poisoning: Hidden Inputs and Param Miner
Web cache poisoning via unkeyed inputs (X-Forwarded-Host, custom headers, cookies). Burp Param Miner workflow. Cache key configuration as the architectural fix.
Tools & TutorialsWebAssembly Security: The 2026 Attack Surface
Wasm security model — sandboxed VM, memory isolation. What's attackable — memory bugs in Wasm code, JS-Wasm boundary, side-channel, cryptojacking, server-side WASI…
Security GuidestheHarvester and Recon-ng: OSINT Toolchain in 2026
theHarvester for breadth-of-source aggregation; Recon-ng for workflow continuity across investigation. Where they fit alongside modern tools (subfinder, amass, SpiderFoot, Maltego) in 2026…