Posts

Showing posts from April 12, 2026

DOM XSS in document.write Sink Using location.search

DOM-based Cross-Site Scripting (DOM XSS) is one of the most important vulnerability classes in modern web security because it occurs entirely on the client side. Unlike reflected or stored XSS, where the server plays a direct role in injecting malicious content into responses, DOM XSS happens when insecure JavaScript running in the browser processes user-controlled input in an unsafe way and inserts it into the page as executable code. One of the most common and educational examples of this vulnerability is DOM XSS in a document.write sink using location.search as the source. This pattern is widely used in security labs because it clearly demonstrates how client-side JavaScript can transform simple URL input into executable JavaScript inside the browser. Understanding this vulnerability requires breaking it down into three core components: source, sink, and execution context. Understanding the Core Components 1. Source: locat...

Stored XSS into HTML context with nothing encoded

Stored XSS into HTML context with nothing encoded is a more severe and persistent variant of cross-site scripting compared to reflected XSS. While reflected XSS requires immediate user interaction with a crafted request, stored XSS is saved on the server and later delivered to multiple users whenever the affected content is retrieved. This makes it especially dangerous because it turns a single injection point into a reusable attack that can impact many victims over time. In this type of vulnerability, user input is stored in a backend system such as a database, comment section, forum post, profile field, or any content management system. Later, when that stored data is displayed to users, it is inserted into the HTML response without proper encoding. Because of this lack of output encoding, the browser interprets the stored input as executable HTML and JavaScript. The key condition that makes this vulnerability possible is the same as reflected XSS: the application does not encode u...

Reflected XSS into HTML context with nothing encoded

Reflected XSS into HTML context with nothing encoded is one of the most fundamental web security vulnerabilities, and it is often used as the first serious example when learning how client-side attacks work. It demonstrates a direct failure in output handling where user-controlled input is inserted into an HTML response without any encoding or sanitization, allowing the browser to interpret it as executable markup instead of inert text. To fully understand this vulnerability, it is important to break it down into three core ideas: reflection, HTML context, and lack of encoding. Each of these contributes to the final exploitability of the issue, and together they create a condition where arbitrary JavaScript can be executed in the victim’s browser under the context of a trusted website. At its core, reflected XSS occurs when an application takes input from an HTTP request and immediately includes it in the response. This input may come from query parameters, form submissions, or even HT...

Pyramid Of Pain

The Pyramid of Pain is a conceptual cybersecurity model that illustrates the varying levels of difficulty an adversary experiences when defenders detect and deny different types of indicators. It is widely used in threat intelligence, incident response, and defensive security operations to guide detection strategies and prioritize efforts that maximize disruption to attackers. The model was introduced by David J. Bianco and has since become a foundational concept in modern cybersecurity practices. Its central idea is that not all indicators of compromise (IOCs) are equally valuable. Some indicators are easy for attackers to change and therefore provide limited defensive value, while others are deeply tied to adversary behavior and are significantly more difficult to modify. The more difficult an indicator is for an attacker to change, the more “pain” it causes when defenders detect and block it. The Pyramid of Pain is structured as a hierarchy, with the least impact...

Unified Kill Chain

The Unified Kill Chain (UKC) is a comprehensive cybersecurity framework designed to model, analyze, and mitigate cyberattacks across their entire lifecycle. It represents an evolution in how security professionals conceptualize adversarial behavior by addressing the limitations of earlier frameworks and adapting to the complexity of modern threat environments. Unlike traditional models that focus primarily on initial compromise or assume a linear progression of events, the UKC provides a continuous and iterative perspective on cyber intrusions, reflecting how attackers actually operate in real-world scenarios. The UKC builds upon the foundational concepts introduced by the Cyber Kill Chain developed by Lockheed Martin and integrates them with the behavioral taxonomy provided by the MITRE ATT&CK framework. The Cyber Kill Chain established a structured sequence of attack stages, enabling defenders to identify and disrupt adversarial activity at different ...