HTTP Request Smuggling: Parsing Differentials, Protocol Abuse, and Why Traffic Volume is the Real Force Multiplier

Forget the toy examples. This is a byte-level breakdown of HTTP request smuggling: how parsing differentials arise in proxy chains, why H2 downgrade reintroduces eliminated attack surface, and why a low-reliability primitive in staging becomes an automated credential harvester in production.

June 21, 2026 · 11 min · JM00NJ

DNS State Exhaustion: From TCP Slot Starvation to NXNS Amplification

TIME_WAIT and Sockstress don’t translate directly to UDP DNS, but DNS has its own state surface. Recursive-client tables, pending-query slots, TCP/853 (DoT) and TCP/443 (DoH) sockets, delegation chains, and DNSSEC validation state are all exhaustible. This post covers water torture, NXNS, TsuNAME, NRDelegation, and the operational defaults that make DNS a softer target than HTTP.

May 11, 2026 · 13 min · JM00NJ

TCP Connection State Exhaustion: TIME_WAIT, Sockstress, and Why 4-Tuple Math Beats Port Counting

The ‘65536 port’ framing is wrong. TCP connection capacity is governed by 4-tuple uniqueness and kernel state tables, not port counts. This post breaks down TIME_WAIT exhaustion, Sockstress (window=0 + Persist Timer abuse), Slowloris-class L7 variants, and the conditions under which each is still effective today.

May 11, 2026 · 11 min · JM00NJ

Defying Python: Building a Bare-Metal HTTP Server in x86_64 Assembly

Throw away python -m http.server. Discover how to build a bare-metal web server from scratch using x64 Assembly, featuring zero-copy file transfers and manual IP parsing.

March 29, 2026 · 4 min · JM00NJ

Statistical Jitter and Timing Analysis: Precision Measurements in Network Protocols

Consistency is key in high-speed data. Beyond simple latency, jitter reveals the true health of a network. Discover how to bypass OS clock noise using RDTSC for nanosecond-scale precision.

March 27, 2026 · 3 min · JM00NJ

Building a Low-Level ICMP Sniffer in x64 Assembly (Raw Sockets)

Scapy or C are easy, but true control lies in the CPU cycles. Learn how to build a raw socket sniffer from scratch in x64 Assembly, bypassing libc for pure kernel interaction.

March 27, 2026 · 3 min · JM00NJ
DigitalOcean Referral Badge