Server Side Request Forgery

Server Side Request Forgery, or SSRF, is an attack where the attacker is able to make a request to an internal resource by pivoting through the server. By leveraging the server to make a request to the internal resource, the request is seen as legitimate, because internal systems usually trust each other. SSRF through […]

XSS – Revisited

I’ve been doing these lessons by Pentesterlabs, and I’ve learnt a few new things there, which is always great! To be honest, I’ve never had any proper training or course in terms of offensive cyber security, especially the web. My experiences have mostly been centered around the Linux kernel, which is pretty niche and narrow. In […]

Strengths Finder; And mine

First off, before I begin, I just want to say that I picked this book up for a steal of $5, where the original cost was somewhere around $30. I think I might visit book fairs more often, but the downside being that they don’t usually carry very good quality books, both in terms of […]

DNSSEC

In the previous post, we talked about some of the attack vectors on the DNS. In this post, we’re going to be talking about DNSSEC, which is an attempt to make the DNS more secure. A point to note, DNSSEC does not provide Confidentiality, but only Integrity. Integrity in this case is ensuring that the […]

DNS Attack Vectors

Before looking at DNS Attack Vectors, let’s do a quick recap of what a DNS is, and what its functions are. What is a DNS? DNS, or Domain Name System, is a server that provides Name to IP Address resolution. When people visit websites, it’s much easier for them to remember words, such as Facebook […]

LSTM

In the previous post, we talked about RNN, and how performing Backpropagation through time (BPTT) on an unrolled RNN with many time steps can lead to the problems of vanishing / exploding gradients, and difficulties in learning long term dependencies. In this post, we’re going to look at the LSTM (Long Short Term Memory) […]

RNN and Vanishing/Exploding Gradients

In this post, we’re going to be looking at: Recurrent Neural Networks (RNN); Weight updates in an RNN; Unrolling an RNN; Vanishing/Exploding Gradient Problem. Recurrent Neural Networks: A Recurrent Neural Network (RNN) is a variant of neural networks, where in each neuron, the outputs cycle back to themselves, hence being recurrent. This means that each […]

What are Proxies?

A Proxy, or a Proxy Server / Web Proxy, is something that sits between the source of the network traffic, and the desired destination of the traffic. What the proxy will do is relay the network traffic across to the other side. Typically, it would sit between a client and a server, where the client […]

K-Means Clustering

K-Means Clustering is an unsupervised learning algorithm. It works by grouping similar data points together to try to find underlying patterns. The number of groups is pre-defined by the user as K. How the Algorithm works: Before the iterative update starts, a random selection of centroid locations is picked on the graph. These centroids act […]

Domain Fronting and SNI

Domain fronting is a malicious act of appearing to request to visit a legitimate site (the front), while in actual fact, the request is going to another website. Domain fronting relies on the SSL technology to work, where the service provider is unable to see the actual malicious hostname the request is going to, but […]