Tag: Red Team

  • Client Side De-Sync and Synch0le

    DEF CON just started publishing this year’s talks on YouTube and it includes an excellent talk by James Kettle on HTTP De-Sync attacks, furthering his research from last year. I found the subject fascinating and highly recommend you check out the talk, paper and corresponding Burp Suite plugins, along with the PortSwigger labs to try it for…

  • DVWA: Weak Session IDs – Impossible Difficulty Part II

    Last time we quickly ran through the method for cracking the cookies issued by an instance of PHP issuing outputs from mt_rand(). However, the method used was flawed. We can do better just by attacking the problem some more. First, a basic optimisation to solve two problems at once. When running early attack code, I…

  • DVWA: Weak Session IDs – Impossible difficulty Part I

    DVWA stands for Damn Vulnerable Web Application, and it certainly lives up to its name. It’s intended for beginners to the field of hacking – which definitely describes me – and includes a list of challenges commonly seen in real hacking engagements like SQL Injection, Cross-Site Scripting and File Inclusion/File Upload vulnerabilities, etc. How you…