Scomurr's Blog

Play for serendipity…

Category: Security

HTTP Request Smuggling – H2 CRLF Injection

01/27/2023 scomurr Security, Web Attacks

In this next lab, we have to go a bit deeper into the differences between how HTTP/1.1 and HTTP/2 are[…]

HTTP Request Smuggling – HTTP/2 Downgrade Attack Part 2

01/25/2023 scomurr Security, Web Attacks

In the previous lab we looked at an H2.TE vulnerability. To exploit, we needed to upgrade the request from HTTP/1.1[…]

HTTP Request Smuggling – HTTP/2 Downgrade Attack

01/23/2023 scomurr Security, Web Attacks

This is a unique attack and takes advantage of an implementation that accepts HTTP/2 requests but then downgrades the requests[…]

HTTP Request Smuggling – Reflected XSS via Headers

01/15/2023 scomurr Security, Web Attacks

In this post, we’re going to be looking at utilizing the headers within a smuggled request to fire a cross[…]

HTTP Request Smuggling – Stealing Session Cookies

01/04/2023 scomurr Security, Web Attacks

We’re getting to the good stuff now! We’ve moved past theory again with this lab and now we’re using a[…]
