Author: gonczor

Asynchronous Message Queue in Golang

Car queue

I have recently written an article about how to use Celery in Django projects. Celery is a message queue in Python. I though “OK, cool, now let’s take a look at how it can be implemented from scratch”. Concept of Message Queue The project has 3 parts: Client, which is sending tasks, Broker, which is […]

NodeJS Deserialization

This is a Pentester Academy challenge writeup. It required to exploit a CVE-2017-5941 vulnerability in NodeJS server application during deserialization to trigger an RCE. Warning this is a writeup so it contains spoilers. I am changing it a little bit in order to save you from revealing everything. Application Server consisted of two endpoints: / […]

Summary of 2019 and plans for 2020

It’s time for summary of the first 6 months of running the blog and for making New Year’s resolutions. Successes and failures of 2019 The biggest success was starting the blog itself. After a few weeks I made a post on my plans for the upcoming 6 months. Initially I thought about posting every week, […]

Behind basic auth

Basic authentication is one of the simples methods of providing credentials to access resources. Today I’m going to take a look on it and provide you with an example of a web page utilizing this mechanism written with PHP and Apache. How does basic authentication work? On request to a protected resource, the server sends […]

Make use of htop


Or how to look cooler with htop Htop is a popular command-line tools for monitoring processes. It has some features that seem to be rarely used but could help you with process management or at least make your terminal look cooler. Help If you’ve ever wondered what do those weird colors on CPU and memory […]

How is attacked?

AH-64 attack helicopter

Since the very beginning of the existence of this service I was sure that people visiting me would sooner or later start attacking me. Maybe not with helicopters like in image but in a more intangible way. I’ve also said that I’m OK with it as long as responsible disclosure is used and I’m even […]

Issues with JWT

I hoped this would never happen, but here we go. I have problems with managing to deliver an article for Wednesday not because I have so little time, but because I have no idea for an article. I’ve fooled around a little bit with network recon labs on Pentester Academy, I’ve fooled around python imports, […]

A Very Different Hello World

How to write a shellcode in assembly to display “Hello, world?” After last week when I barely had time to scratch my head and I had to transfer my fiancee’s website to a different hosting (and finally learn something about how does the dns system work) I am back to coding for myself. I decided […]

CSRF Protection – Part 2

Fun of bypassing CSRF protection - Putting giving a request a session cookie

Before I begin, I owe you an apology. In previous part I told that I would like to describe the CSRF protection mechanism, but when I got down to coding, I thought that this would be rather tedious and uninteresting. If you want to see how it works, just go to Flask’s WTF forms extension […]

CSRF protection – part 1.

Fun of bypassing CSRF protection - Putting giving a request a session cookie

CSRF – Cross Site Request Forgery is an attack in which the user performs unauthorized actions on a web page they are signed in to. In this article I will describe the theory behind it and in next part (available here), I’ll give you some code to fool around with. What is the problem? Imagine […]

Next Page » « Previous Page