ryangombe.hashnode.dev
DNSSEC Testing Guide for Penetration Testers
Table of Contents: What is DNSSEC?; Why DNSSEC Matters in Pentesting; How DNSSEC Works; DNSSEC Record Types; Testing for DNSSEC; Common DNSSEC Misconfigurations; Attack Scenarios; Reporting Guidelines; Tools and Commands Reference. What is DNSSEC? D...
Sep 3, 2025 · 8 min read

ryangombe.hashnode.dev
XHR Context XSS
Introduction: I've encountered countless scenarios where promising XSS vectors seemed to fail mysteriously. One of the most deceptive situations involves XHR (XMLHttpRequest) endpoints that appear vulnerable in isolation but require specific applicati...
Jul 29, 2025 · 4 min read

ryangombe.hashnode.dev
Solving PortSwigger Labs: CORS vulnerability with trusted null origin
Introduction: Cross-Origin Resource Sharing (CORS) vulnerabilities can take many forms, and one of the most interesting variants involves trusting the "null" origin. In this article, we'll explore the PortSwigger Web Security Academy lab "CORS vulnera...
Jul 23, 2025 · 5 min read

ryangombe.hashnode.dev
Solving Portswigger Labs: CORS vulnerability with basic origin reflection
Introduction: Cross-Origin Resource Sharing (CORS) vulnerabilities represent a significant security risk when misconfigured. In this walkthrough, we'll explore PortSwigger's "CORS vulnerability with basic origin reflection" lab, demonstrating how impr...
Jul 23, 2025 · 4 min read