Measuring a Tor Hidden Service's idle Traffic
A month ago, I wondered myself how much traffic an idle hidden service would consume just to keep the necessary circuits open. To answer this question, I set up a
Credentials hiding in plain sight or how I pwned your http auth
In this blog post I will go over the little research project I did about http authentication credentials hiding in plain sight. Idea A few month ago, I was thinking
Files on web servers Part I: History Files
In part I of the blog series, we will go over some "history" files that are commonly found on web servers. What are history files? Most interactive commandline programs (i.
Pwning your (web)server and network the easy way - or why exposing ~/.ssh/ is a bad idea
Last year I did some research on how an exposed ~/.ssh/ folder on a web server can lead to a complete pwnage. Here's the deal: * I've seen it in the
Open Redirects In Improperly Configured mod_rewrite Rules (PoC for CVE-2019-10098?)
I recently came across the following Apache vulnerability [https://httpd.apache.org/security/vulnerabilities_24.html]: "mod_rewrite potential open redirect (CVE-2019-10098)", but I couldn't find a proof of concept,