Collaborate Disseminate
I’m exploring the history and evolution of the HTTP protocol and I know that HTTP/0.9 is generally not used anymore. It’s clear how features evolved in newer HTTP versions and how primitive HTTP/0.9 actually is with no support for headers,… Continue reading Is HTTP/0.9 considered "End-of-Life" (EOL) due to security vulnerabilities or risks?
I’m looking into HTTP version specific risks. HTTP 1.0 lacks support for persistent connections, meaning each request/response pair requires a new TCP connection to be established.
Considering the overhead associated with constantly openin… Continue reading Is HTTP/1.0 inherently more susceptible to denial-of-service (DoS) attacks?
I read that book websockets are slower than api request if rate of request is Slow. This got me thinking about difference in their overhead, I couldn’t find the actual overhead for websocket, so I am asking question.
There was a project on GitHub that (was going to, if it hadn’t been abandoned) modify TCP fields in order to evade packet sniffing. It explains in specifics how this would work here. In particular, this is what’s specified:
packets with … Continue reading TCP connection scrambling to evade tracking
Is it possible that an attacker puts machine code on a TCP packet? In a way that before passing to the CPU and getting an error that such a function doesn’t exist on the application, it first needs to pass through the RAM, and when it’s in… Continue reading TCP packets containing machine code
Has it ever happened or is it possible that just by configuring custom code on the attacker’s listener like with Python or any other programming language, if a victim just connects to it using TCP, a reverse shell can happen without the vi… Continue reading Establishing a reverse shell without any software tools like Netcat (by the server)
Is it possible that for example there is a TCP packet, and using a proxy, you intercept it and using a tool you change the protocol entirely? Like for example from TCP to UDP or any other custom protocol?
Is it possible to write small application logic (for example 4 KB) on a TCP packet? like for example a simple logic that just sends back "Hello" to the IP address (user) who wrote a specific command like "Summon Hello" … Continue reading Writing small application logic directly on a TCP packet
Is it possible to send a TCP payload to an open port that executes a specific arbitrary command on the target device using Metasploit or any other program? For example with Windows 10 Server OS?
I searched for any answers to my question, b… Continue reading Arbitrary command execution on remote devices
I am developing a TCP-Proxy in C#/.NET using dotNetty (Port of Netty). The proxy is translating messages between two different systems. It will be hosted on a server in the company network, so it is not exposed to the internet.
I am wonder… Continue reading Securing an internal tcp proxy