[NetSec] Keeping Authentication Tokens Safe

An authentication token should not be left as it is in the database; that's common sense. But applying a heavy hashing algorithm to secure it also doesn't make much sense. Why? An authentication token, if it is created properly (128 bits etc.), is already very secure by itself. And by its nature, it doesn't contain any username…

[WriteUp] Hackthebox Invite Code Challenge

I was planning to join Hack The Box for a while but kept postponing it until today. I had free time on this beautiful Saturday afternoon, so I thought, why not give it a try? It took around 45 minutes to get the result. I like the idea of hacking the invitation page first and proving you are…

[WriteUp] OverTheWire – Natas – Part 1

OverTheWire hosts some cleverly designed war games, and Natas is one of them, focusing on web security. It has 27 steps in total, starting with the simplest challenge and gradually becoming more difficult. To access the next level, you have to capture the flag of the previous one. Let's start. Level 0…