Category Archives: Security

What is none algorithm in JWT?

The JWT RFC describes unsecured JWTs, in which no signature is present. Such unsecured tokens have the header alg parameter set to none.

{"alg":"none"}

Introduction

In this article, I’m going to explain what hashcat is and how you can use it to crack an HS256 JSON Web Token using a brute-force attack.

With a weak JWT, your applications become vulnerable to identity theft, as a hacker can impersonate any user he wants once the JWT is cracked and the HS256 secret is revealed.

It’s time to move to a new environment! I’m happy to announce that as of today, my security demos will be available 24/7 in Oracle Cloud! 🙂

How did I start my hacker’s guide demos? When did it start? And how have I moved to Oracle Cloud?
