Author: Wiktor Szymanik

Web Application Exploitation

HTTP Request Headers as an Attack Vector – Partie Deux

Last time I showcased three interesting headers that can be used as an attack vector. This time I will showcase three more; however, they will be more exotic than the previous examples. If you haven’t seen part 1, view it first here. Without further ado, let’s buckle up! Forcing HTTP Verb Tunneling In …...


Web Application Exploitation

HTTP Request Headers as an Attack Vector

Can misconfigured HTTP request headers be as dangerous as parameters sent to the server? The short answer is: absolutely. HTTP headers are typically seen as routine metadata automatically sent from a browser (or other sources) to a server. They help servers understand client requests, manage authentication, store cookies, and track user...


Certification

My Journey to the Offensive Security Experienced Penetration Tester (OSEP) Certification

In November 2024, I successfully passed the OSEP exam and earned the Offensive Security Experienced Penetration Tester certification. However, the road to achieving this milestone would have been smoother with better preparation and planning (even though I thought I was well-prepared at the time). This post serves as both a review of the...
