Category Archives: Security

What is none algorithm in JWT?

JWT RFC describes unsecured JWTs where there is no signature present. Such unsecured tokens have a header alg parameter set to none.


Read more


In this article, I’m going to explain what hashcat is and how you can use it to crack an HS256 JSON Web Token using a brute-force attack.

With a weak JWT, your applications become vulnerable to identity theft as a hacker can impersonate any user he wants once the JWT is cracked and the HS256 secret is revealed.

Read more

It’s time to move to a new environment! I’m happy to announce that as of today, my security demos will be available 24/7 in Oracle Cloud! 🙂

How did I start my hacker’s guide demos? When did it start? And how have I moved to Oracle Cloud?

Read more