Disclaimer: This is an English translation of an article I wrote in French on the Orange Cyberdefense blog in 2019. Introduction: what is pivoting? Penetration testers are often required to cross network bo
Why? A lot of web-focused hacking/pentest tools have the ability to choose a user-agent (UA) to send while fuzzing/scanning/enumerating or at least to send custom HTTP headers. By default most of the to
If we read "Java - Better font rendering" on the ArchLinux wiki, we can read this: Both closed source and open source implementations of Java are known to have improperly implemented anti-aliasing of fonts.
Intro: When doing penetration testing using a black box approach, you may find a SQL injection (SQLi) by fuzzing with common payloads. Except if there is a verbose error disclosing the original SQL qu
We will set up client-side certificate authentication in Nginx with elliptic curve cryptography using ECDSA (curve secp384r1) for certificates and a self-signed Certificate Authority (CA). Create Ser