Netacoding 🛡️
Dedicated to Low-Level Research and Cybersecurity Tools. Analyze internet protocols, master Assembly language, and use our professional-grade security toolkit for daily operations.
HTTP Request Smuggling: Parsing Differentials, Protocol Abuse, and Why Traffic Volume is the Real Force Multiplier
Forget the toy examples. This is a byte-level breakdown of HTTP request smuggling: how parsing differentials arise in proxy chains, why H2 downgrade reintroduces eliminated attack surface, and why a low-reliability primitive in staging becomes an automated credential harvester in production.
CDP: Cyclic Digit-sum Projection — Structural Analysis of SHA-256 Output Distribution
SHA-256 is not broken. But its output distribution is not as featureless as commonly assumed. CDP maps SHA-256 outputs into a finite projection space, exposing deterministic cyclic behavior, basin asymmetry, input class fingerprinting, and an exploitable pre-filter for constrained input spaces.
CWE-290 at Layer 3: IP Source Spoofing and uRPF Failure in Enterprise Wireless Infrastructure
Every spoofing attack starts with one missing check: does this packet actually come from where it claims? uRPF is the answer. When it is absent — CWE-290 — the entire network becomes an authentication bypass surface.
EtherLeak: IP Total Length Over-read via Ethernet Frame Padding
IP Total Length over-read via Ethernet frame padding is not a solved problem. CVE-2003-0001 (2003), CVE-2021-3031 (Palo Alto, 2021), and multiple 2026 findings prove the mechanism survives across architectures and vendors. This post breaks down the math, the invisibility cloak, and the PoC.
Smurf Amplification in 2026: Pre-Auth ICMP Reflection via L2 Broadcast
CVE-1999-0513 is 27 years old. The mechanism is alive. A 2026 enterprise wireless controller with no uRPF, no directed broadcast filtering, and an ICMP Echo handler that reflects to any source address gives you Smurf amplification from L2 adjacency. This post documents the full chain.