How is XSS different from CSRF?

Someone asked me this question. I gave him some answers, but he did not seem satisfied; I hope this makes him satisfied. Cross-site request forgery and cross-site scripting are both client-side attacks that perform actions on behalf of users. Just some context here: cross-site scripting (or XSS) allows an attacker to execute arbitrary JavaScript within the browser of a victim user. The attack happens because of the acceptance of the malicious code by the sites....

June 28, 2022 · 4 min · Kumar Ashwin

Kubernetes Concept

I have wanted to learn about Kubernetes (k8s) for a long time, and to create this blog series. Here we are, finally started (thanks to the null cloud security study group), so without wasting too much time, let’s get started. I am learning this with a security mindset, to find common misconfigurations and to understand the development process in order to understand the mitigation. K8s is a container orchestrator. Before diving too deep, let’s see what orchestrators/orchestrations are....

January 17, 2022 · 5 min · Kumar Ashwin

This is why you need a personal Collaborator Client!

If you have used Burp’s Collaborator client for your out-of-band testing, you know it’s awesome. Then why is there a need for a personal collaborator client? There are a few things that need to be addressed. Companies have started to blacklist Burp Collaborator’s domain, making detection of OOB vulnerabilities difficult. (Read here) The Collaborator client is not available in the community/free edition of Burp Suite. This brings the need for a personal collaborator client, with minimal to no investment, that will help us detect any out-of-band/blind vulnerabilities, and I have linked an amazing cheatsheet below that will guide you in OOB exploitation....

June 22, 2021 · 3 min · Kumar Ashwin

How does burp proxy work?

What’s a proxy? A proxy acts as a gateway between you and the internet. Internet traffic flows back and forth through it if a proxy is set up in the middle. So, what is the need for a proxy? There are several reasons organizations and individuals use proxies: to control and monitor internet usage; proxy servers can give better speed and bandwidth by caching websites; proxy servers can also be set up along with VPNs to provide anonymity and better security. There are different types of proxies, but the specific type of proxy that we are going to talk about in this blog is the interception proxy....

June 7, 2021 · 5 min · Kumar Ashwin