Elusive Thoughts

External Service Interaction & Out-of-Band Resource Loads — Updated 2026 External Service Interaction & Out-of-Band Resource Loads Host Header Exploitation // SSRF Primitives // Infrastructure Pivoting SSRF Host Header Injection CWE-918 OWASP A10:2021 Cache Poisoning Updated 2026 In the recent past we encountered two relatively new types of attacks: External Service Interaction (ESI) and Out-of-Band Resource Loads (OfBRL). An ESI [1] occurs only when a web application allows interaction with an arbitrary external service. OfBRL [6] arises when it is possible to induce an application to fetch content from an arbitrary external location, and incorporate that content into the application's own response(s). Taxonomy Note (2026): Both ESI and OfBRL are now classified under OWASP A10:2021 — SSRF and map to CWE-918 (Server-Side Request Forgery). ESI also maps to CWE-441 (Unintentional Pro...

Web Application Denial of Service Next Level In this tutorial we are going to talk on how to cause maximum down time (including operational recovery processes ) in anything that uses the word Web, this is also known as a Denial o Service Attack. Using this knowledge for malicious purposes is not something I am recommending or approve and I have zero accountability on how you use this knowledge. This is the reason I am providing also with countermeasures on the end of the post.       What Is The Landscape In the past we have seen many Denial of Service attacks, but most of them were not very sophisticated. A very good example would be the Low Orbit Ion Cannon (LOIC). LOIC performs a DoS attack (or when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP or UDP packets with the intention of disrupting the service of a particular host. People have used LOIC to join voluntary botnets.[2] All these att...

Introduction The reason for this blog post is to analyse certain types of attacks that relate to cache manipulation and recently resurfaced by various BlackHat and Defcon presentation. More specifically we are interested in the following type of attacks: Web Cache Poisoning Attacks  Web Cache Deception Attacks About the cache Many people fail to understand what exactly what is a Web cache , and therefore, I am going to invest a lot of time to analyse and explain what is a cache from Hacker/Security Professional perspective, when conducting a pentest or simple hacking a site. The cache In computing, a cache is a hardware or software component that stores data so that future requests for that data can be served faster [1]. Hmm interesting, very interesting, also the data stored in a cache might be the result of an earlier computation or a copy of data stored elsewhere [1]. So data might be replicated to other locations within the system that serves the conte...