Tag: Learn

HowWorks CRLF

‘HowWorks’ is a new post type that explains how something works; in this case, the CRLF vulnerability.

If we can inject data into a web app that is not properly validated or filtered and is then used in HTTP response headers, we can inject \r\n (the HTTP line break, CRLF).

You can think of it as stored XSS, but instead of JavaScript we inject \r\n, which lets us effectively modify the entire HTTP response from the server for a specific endpoint.
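The effect described above, shown from the defender's side as an added example (not code from the original post). The function names, the Content-Language header and the sample values are assumptions made for illustration: the unchecked builder lets one input become two header lines, and the checked builder rejects it.

```python
# Added example: header name, function names and sample input are constructed.

SAMPLE_INJECTED = "en\r\nX-Injected: 1"  # constructed input containing a CRLF


def build_response_unsafe(lang: str) -> bytes:
    """Vulnerable pattern: user input is copied into a header unchecked."""
    head = (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/plain\r\n"
        f"Content-Language: {lang}\r\n"
        "\r\n"
    )
    return head.encode("latin-1") + b"hello"


def safe_header_value(value: str) -> str:
    """Reject CR, LF and other control characters (tab excepted)."""
    for ch in value:
        if (ord(ch) < 0x20 and ch != "\t") or ord(ch) == 0x7F:
            raise ValueError(f"control character {ch!r} not allowed in header")
    return value


def build_response_safe(lang: str) -> bytes:
    """Hardened pattern: validate first, then build the same response."""
    return build_response_unsafe(safe_header_value(lang))


def parse_headers(raw: bytes) -> list:
    """Read the head as a client does: lines end at CRLF, head at a blank line."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")[1:]  # skip the status line
    return [tuple(p.strip() for p in line.split(":", 1)) for line in lines]


if __name__ == "__main__":
    # One input value, but the client sees an extra header line.
    print(parse_headers(build_response_unsafe(SAMPLE_INJECTED)))
    try:
        build_response_safe(SAMPLE_INJECTED)
    except ValueError as exc:
        print("rejected:", exc)
```

Validation belongs at the point where the value is written into the header, so every code path that sets headers passes through it.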

HowTo learn hacking

It’s my personal hacking learning strategy:

  • Superficially recognize how it is done - you need to find familiar concepts
  • Read OWASP Top-10 for it
  • PRACTICE! Try to find a lab for this task (Portswigger)
  • Gather methodology on testing from various sources
  • Get list of hack tools
  • Based on the methodology, create your own pentest checklist
  • Find checklists for this topic online and combine them with your own if needed
  • PRACTICE! (TryHackMe, HackTheBox, Portswigger…)
  • Fill the knowledge gaps
  • Extra: Read books and articles to deepen knowledge base

Sources
  • Random YouTube videos
  • My Experience