Notes, snippets, learnings

Blog

Here I collect posts about development, tools, and experiments.

94 Posts
Latest: 08.05.2026

Wiki: Vue

14.12.2025

wiki vue security

TL;DR Check v-html usage and any dynamic bindings like :href, :src, :style, :class. Look for open redirects in vue-router (e.g. ?redirect= or #/...). Inspect Vuex/localStorage...

Wiki: Tomcat

10.12.2025

wiki tomcat security

TL;DR Check common Tomcat entry points: :8080, /manager/html, /host-manager/html. Identify version from error pages, headers, or default pages. Test default creds and auth bypasses...

Wiki: Test Proxy App Integration

05.12.2025

wiki nginx infra

TL;DR app listens on container loopback; sidecar exposes a narrow ingress point for the app; environment proxy forwards to the sidecar path; main gateway forwards to the environment...

Wiki: Security Concept Summary

26.11.2025

wiki security nginx

TL;DR Only the main gateway exposes 80/443. Internal ports are loopback-only. TLS is hardened and logs are split by status. Rate limits and health endpoints are in place. Controls...

Wiki: Okta

22.11.2025

wiki okta security

TL;DR Okta is an IDaaS provider for SSO, MFA, and user provisioning. Most issues come from misconfiguration, not Okta itself. Focus on redirect handling, token validation, and SCIM...

Wiki: OAuth

17.11.2025

wiki oauth security

TL;DR OAuth is about delegated access, not authentication by itself. Most bugs come from redirect URI, token validation, and scope handling. Always validate state, nonce, aud, iss,...

Wiki: OAuth Authentication

13.11.2025

wiki oauth auth

TL;DR OAuth is a delegation protocol; authentication is layered on top. The authorization code flow is the standard for web apps. The client exchanges a code for tokens, then calls...

Wiki: NGINX Reverse Proxy Pattern

08.11.2025

wiki nginx infra

TL;DR traffic flows from gateway to environment proxy to sidecar to app; the environment proxy only publishes to host loopback; the sidecar is the only direct ingress to the app...

Wiki: Main Gateway App Integration

04.11.2025

wiki nginx infra

TL;DR validate the app behind the sidecar and environment proxy first; only then wire it into the main gateway; keep the gateway focused on TLS termination, host routing, and headers...

Vault Admin Setup

28.10.2025

vault security runbook

Quick Commands # edit + deploy git status git add -A git commit -m "docs: update" git push # rebuild static blog output (local) cd site npm ci --no-audit --no-fund npm...

Wiki: IP Ranges

26.10.2025

wiki networking recon

TL;DR Know the common private, CGNAT, and link-local ranges. Use IPv6 ranges explicitly during recon; they are often less protected. For bug bounty, prioritize public netblocks,...

Overview

24.10.2025

vault pki infra

Current Source Of Truth The current implementation is documented in: GitHub: https://github.com/blade-34242/vault-ops README:...

Wiki: GraphQL Discovery

22.10.2025

wiki graphql recon

TL;DR Use a simple { __typename } query to detect GraphQL. Use graphw00f to fingerprint implementations. Quick Detection curl -X POST http://target/graphql \ -H 'Content-Type:...

Security Concept Summary

21.10.2025

security nginx infra

The security model is not based on one magic control. It is a stack of smaller boundaries: public traffic enters through a hardened gateway internal proxy...

Wiki: GraphQL Attack Vectors

17.10.2025

wiki graphql security

TL;DR Recon: find endpoints and enable introspection. DoS: deep recursion, batching, aliases, and fragments. AuthZ: field-level and object-level access checks. Recon Detect GraphQL...

Git and Shared SSH Agent Setup

10.10.2025

git ssh security

I did not want every local service user on the VPS to have its own copy of Git credentials. The cleaner model was: one host-side Git identity one...

Wiki: Cache Oracle

04.10.2025

wiki cache http

TL;DR Cache-Control shows max age. Age shows current cached age. X-Cache or CF-Cache-Status indicates hit/miss. Detection Signals Cache-Control: max-age=... Age: ... X-Cache:...

Wiki: Web Cache Poisoning

25.09.2025

wiki cache security

TL;DR Cache poisoning targets shared cache entries. Look for unkeyed headers or params that affect the response. Verify that poisoned content is served to other users. What It Is...

Wiki: Web Cache Deception

21.09.2025

wiki cache security

TL;DR Trick the cache into storing dynamic, sensitive responses. Exploit path parsing discrepancies between cache and origin. Use cache busters to avoid stale data while testing....

Wiki: Subdomain Takeover

16.09.2025

wiki dns security

TL;DR A takeover happens when a subdomain points to an unclaimed external service. Look for dangling CNAMEs to SaaS providers. Confirm by matching known error messages and claiming...

Wiki: HTTP Request Smuggling

12.09.2025

wiki security http

TL;DR Request smuggling happens when frontend and backend parse Content-Length and Transfer-Encoding differently. Classic case: frontend uses CL, backend uses TE (CL.TE). Look for...

Wiki: ASP.NET

03.09.2025

wiki aspnet recon

TL;DR Windows/IIS labs often live in 192.168.x.0/24 or 10.0.0.0/8 ranges. Azure defaults show up as 10.0.0.0/24. If you have XSS or SSRF, target common internal ranges first....