Here are 10 actionable tips that you can use to improve the overall cyber security posture of your organization, and also to protect against some of the most common attacks out there.
In this article, we will discuss Denial-of-Service vulnerabilities, how to find one, and present 25 disclosed reports based on this issue.
A Denial-of-Service (DoS) can be an attack vector or vulnerability through which you can make an application, machine, or network unresponsive to its users.
Our main focus is on the Application-layer Denial-of-Service (DoS) attacks, that you can find in bug bounty programs, but we will also discuss most common types of Denial-of-Service:
Are you looking to get into Penetration Testing, Ethical Hacking, or Red Teaming? If the answer is yes, then this article is definitely for you!
A Penetration Test, or commonly named “Pentest”, is the process of evaluating the security weaknesses of an organization’s assets, using similar methodologies to the ones used by real attackers.
The answer is clearly, NO!
A Pentest is not equal to a Vulnerability Assessment, and a lot of people tend to confuse the terms. From my experience, I have encountered clients that requested a Penetration Test, but in reality, they wanted a Vulnerability Assessment, or vice-versa…
In this article, we will discuss CSRF vulnerability, how to find one and present 25 disclosed reports based on this issue.
Cross-Site Request Forgery or CSRF is a web-based vulnerability through which an attacker targets the client-side into executing or performing unwanted actions while they are authenticated. This issue must be combinated with a social engineering technique in order to accomplish its exploitation goals. The impact can vary from low severity to a complete application compromise, depending on the components and endpoints affected of CSRF.
Let’s take a look over three common types of CSRF:
In this article, we will discuss Cross-Site Scripting (XSS) vulnerability, how to find one and present 5 creative ways to demonstrate its impact by exploiting it.
There are multiple types of this vulnerability (based on how the malicious scripts are stored and executed):
In this article, we will discuss XXE vulnerability, how to find one, and present 25 disclosed reports based on this issue.
XXE stands for “XML External Entity”, and it is an injection vulnerability in which the attacker exploits the XML parser of an application (the way how the system processes XML-based input).
This vulnerability is dangerous because it can be leveraged, and it can lead to multiple attack types that could result in a full compromise of the application.
A critical requirement for such an attack to work is to have XML entities enabled within the parser.
In this article, we are going to discuss and analyze the methodology behind an infection with the Dharma ransomware.
The ransomware from the Dharma family dates back to 2016, but different and more complex variants were developed and released over time. Later analysis concluded that Dharma evolved from the CrySIS family, which was released in early 2016.
In this article, we will discuss WordPress security, common attacks, and present 25 disclosed reports from their public bug bounty program.
WordPress is one of the most popular Content Management Systems (CMS) in this world. It was released in 2003, and currently, it is used by over 60 million websites.
It is open-source and easy-to-use, which means that anybody can deploy a WordPress instance in less an hour.
As the underlying architecture, it is based on PHP and MySQL/MariaDB. One of the main strengths that made WordPress so popular, is the possibility of installing custom plugins and themes, which allows…
In this article, we will discuss three effective methods to hijack the Python library in a Linux environment.
Let’s see… What happens if a Python script runs with sudo privileges, but you have got write permissions on the imported module?
Exactly! You can escalate your privileges by editing the imported functions to call system commands or even spawn a shell, that will have root rights.
I am going to share three scenarios where anybody can exploit this vulnerability (or better call it a “security misconfiguration”):
Cyber Security Enthusiast, Freelancer, Researcher, Bug Bounty Hunter and InfoSec Writer.