Reference
Security Techniques
Field-tested guides to encoding, obfuscation, web security, and forensic analysis. Each one links to a hands-on tool you can use right now, no install, nothing leaves your browser.
28 techniques across 8 categories
Encoding & Decoding
4 guides
Base64 Decoding
How to decode Base64-encoded payloads found in malware, phishing kits, and obfuscated scripts. Detect hidden URLs, credentials, and executable code.
URL Encoding and Decoding
Decode percent-encoded URLs to reveal hidden paths, parameters, and payloads. Detect double-encoding attacks and URL-based injection attempts.
Hex Encoding in Malware and Obfuscated Code
Decode hex-encoded strings in malware samples, obfuscated JavaScript, and network traffic. Identify file signatures by magic bytes.
HTML Entity Encoding in XSS and Phishing
Decode HTML entities used to obfuscate XSS payloads, phishing page content, and malicious scripts embedded in web pages.
Obfuscation & Deobfuscation
4 guides
JavaScript Deobfuscation Techniques
How to deobfuscate JavaScript malware, phishing scripts, and browser exploits. Reverse eval packing, string rotation, array shuffling, and control flow flattening.
Unpacking eval() in Malicious JavaScript
How to unpack eval-wrapped JavaScript used in malware droppers, exploit kits, and obfuscated phishing scripts. Safe techniques for revealing hidden code.
Decoding String.fromCharCode in Malicious Scripts
Reverse String.fromCharCode obfuscation used in JavaScript malware and XSS payloads. Convert character code arrays back to readable strings.
PHP eval(base64_decode()) Malware Patterns
Identify and decode PHP webshells and backdoors that use eval(base64_decode()). Common patterns in WordPress hacks, file upload exploits, and server compromises.
Web Security
4 guides
Content Security Policy (CSP) Analysis
How to analyze and audit Content-Security-Policy headers. Detect unsafe-inline, unsafe-eval, wildcard sources, and other misconfigurations that enable XSS.
CORS Misconfigurations and Security Risks
Detect dangerous CORS configurations: wildcard origins with credentials, reflected origins, null origin attacks, and overly permissive access-control headers.
Cookie Security Flags: Secure, HttpOnly, SameSite
Audit cookie security attributes. Detect session cookies missing Secure, HttpOnly, or SameSite flags that enable session hijacking and CSRF attacks.
HTTP Security Headers Checklist
Review HTTP response headers for security misconfigurations. Check for missing HSTS, X-Content-Type-Options, X-Frame-Options, and information leaks in Server headers.
Forensics & Analysis
5 guides
Email Header Analysis
Parse email headers to trace message origin, verify SPF/DKIM/DMARC authentication, and detect spoofed sender addresses in phishing emails.
Shannon Entropy
Use Shannon entropy to identify encrypted files, compressed data, obfuscated code, and packed malware. High entropy means hidden content.
EXIF Metadata Extraction and Privacy Risks
Extract EXIF metadata from images to find GPS coordinates, camera details, timestamps, and software used. Understand the privacy risks of embedded photo metadata.
Regex Patterns
Regular expression patterns for extracting indicators of compromise: IP addresses, domains, hashes, URLs, email addresses, and Bitcoin wallets from security logs and reports.
SSL/TLS Certificate Inspection and Verification
Decode and inspect X.509 certificates. Check validity, issuer chain, Subject Alternative Names, key strength, and detect expired or self-signed certificates.
Authentication & Tokens
2 guides
JWT Token Analysis and Security Pitfalls
Decode and inspect JSON Web Tokens. Detect algorithm confusion attacks, missing signature verification, excessive claims, and insecure token storage.
SAML Response Decoding and SSO Security
Decode Base64-encoded SAML responses and assertions. Inspect issuer, audience, conditions, and authentication context in SSO flows.
Crypto & Hashing
2 guides
Hash Identification and Verification
Identify hash types by length and format: MD5, SHA-1, SHA-256, SHA-512, bcrypt, and more. Use hashes for file integrity verification and IOC matching.
IP Address and CIDR Subnet Analysis
Parse IP addresses, calculate subnet ranges, identify private/reserved networks, and expand CIDR notation for firewall rules and network forensics.
Phishing & Social Engineering
2 guides
Detecting Phishing URLs: Indicators and Techniques
Analyze URLs for phishing indicators: typosquatting, homoglyph attacks, suspicious subdomains, URL shortener abuse, and credential harvesting parameters.
Homoglyph and IDN Homograph Attack Detection
Detect Unicode homoglyph attacks in domain names and text. Identify Cyrillic, Greek, and other look-alike characters used for phishing and impersonation.
Web3 & Smart Contracts
5 guides
Decoding EVM Transaction Calldata
Read Ethereum transaction calldata to identify which function is being called, what parameters were passed, and whether the transaction does what the UI claims.
Detecting Token Approval Phishing in Calldata
Spot malicious approve(), permit(), and setApprovalForAll() calls before signing. Learn the calldata patterns wallet drainers use to empty wallets in a single signature.
Reverse Lookup of EVM Function Selectors
Identify unknown 4-byte function selectors by computing keccak256 of candidate signatures. Useful when reading calldata against unverified contracts.
Decoding Raw RLP-Encoded Ethereum Transactions
Parse signed and unsigned Ethereum transactions in RLP form. Inspect nonce, gas, value, chain ID, and signature fields across Legacy, EIP-2930, and EIP-1559 transaction types.
Reading Smart Contract Calldata
Use calldata decoding and selector lookups to spot honeypot contracts before interacting. Identify hidden fees, transfer-blocking logic, and admin backdoors without running the contract.
placeholder