DEV Community

One missing flag on a cookie enables session hijacking, and I almost glossed over it

Day 5 of the cybersecurity learning journey covered several topics, building on the previous days' learning. The author studied DNS record types and the security implications of each. A key takeaway was the importance of the HttpOnly flag on cookies, an often-overlooked measure that keeps a cross-site scripting attack from reading the session cookie and hijacking the session. The author then worked through TryHackMe's "HTTP in Detail" room, which solidified their understanding of cookies.

The learning also included an introduction to Python using "Automate the Boring Stuff," specifically covering variables, data types, and flow control. The author recognized the value of loops for building security tools, then wrote and ran their first Python script in Kali Linux and found the error messages helpful.

The post reflects on the week's progress, highlighting practical learning through hands-on experience, particularly the exploit within the TryHackMe room. The author plans to continue with Bandit, move on to Python functions and lists, and aims to write a port scanner for Day 6. This hands-on approach emphasizes applying theoretical knowledge in practice. The author's notes are publicly accessible on GitHub.