Here are 10 actionable tips that you can use to improve the overall cyber security posture of your organization, and also to protect against some of the most common attacks out there.

  1. Train your employees about security awareness. Humans are the weakest link that attackers take advantage of, which is why phishing is one of the most popular delivery methods for malware and ransomware.
  2. Watch out for weak, default, or compromised passwords. If you haven’t done so yet, you should enforce password policies for all the systems within your organization, including complexity and reuse checks. As soon as you deploy new…


In this article, we will discuss Denial-of-Service vulnerabilities, how to find one, and present 25 disclosed reports based on this issue.

What is Denial-of-Service?

A Denial-of-Service (DoS) can be an attack vector or vulnerability through which you can make an application, machine, or network unresponsive to its users.

Types of Denial-of-Service (DoS) Attacks

Our main focus is on application-layer Denial-of-Service (DoS) attacks, which you can find in bug bounty programs, but we will also discuss the most common types of Denial-of-Service:

  • Volume-based DoS/DDoS Attacks: ICMP Floods, Ping-of-Death (PoD), and more
  • Protocol-based DoS/DDoS Attacks: SYN Floods, Fragmented Packets Floods, Smurf DoS/DDoS Attacks, and more
  • Application-based DoS/DDoS Attacks: Web Application…


Are you looking to get into Penetration Testing, Ethical Hacking, or Red Teaming? If the answer is yes, then this article is definitely for you!

What is a Penetration Test?

A Penetration Test, commonly called a “Pentest”, is the process of evaluating the security weaknesses of an organization’s assets, using methodologies similar to the ones used by real attackers.

Penetration Test = Vulnerability Assessment?

The answer is clearly NO!

A Pentest is not equal to a Vulnerability Assessment, and a lot of people tend to confuse the terms. From my experience, I have encountered clients that requested a Penetration Test, but in reality, they wanted a Vulnerability Assessment, or vice-versa…


In this article, we will discuss the CSRF vulnerability, how to find one, and present 25 disclosed reports based on this issue.

What is CSRF?

Cross-Site Request Forgery, or CSRF, is a web-based vulnerability through which an attacker gets the client side to perform unwanted actions while the user is authenticated. This issue must be combined with a social engineering technique in order to accomplish its exploitation goals. The impact can vary from low severity to a complete application compromise, depending on the components and endpoints affected by CSRF.

Types of Cross-Site Request Forgery

Let’s take a look at three common types of CSRF:

  • URL-based CSRF: It can be…


Introduction to Cross-Site Scripting (XSS)

In this article, we will discuss the Cross-Site Scripting (XSS) vulnerability, how to find one, and present 5 creative ways to demonstrate its impact by exploiting it.

Cross-Site Scripting (XSS) and its various types

It is a web-based vulnerability in which an attacker can inject malicious JavaScript code into the application, which is later executed.

There are multiple types of this vulnerability (based on how the malicious scripts are stored and executed):

  1. Stored/Persistent XSS: malicious scripts are stored in the application, for example in a comment section.
  2. Reflected/Non-persistent XSS: malicious scripts are returned to the user, for example in a search query.
  3. DOM-Based/Client-Side XSS: malicious scripts…


In this article, we will discuss the XXE vulnerability, how to find one, and present 25 disclosed reports based on this issue.

What is XXE?

XXE stands for “XML External Entity”, and it is an injection vulnerability in which the attacker exploits the XML parser of an application (the way the system processes XML-based input).

This vulnerability is dangerous because it can be leveraged for multiple attack types that could result in a full compromise of the application.

A critical requirement for such an attack to work is to have XML entities enabled within the parser.

Types of XXE

  • Reflected XXE: the…


(Dharma Ransom note)

In this article, we are going to discuss and analyze the methodology behind an infection with the Dharma ransomware.

History

The ransomware from the Dharma family dates back to 2016, but different and more complex variants were developed and released over time. Later analysis concluded that Dharma evolved from the CrySIS family, which was released in early 2016.


In this article, we will discuss WordPress security, common attacks, and present 25 disclosed reports from their public bug bounty program.

What is WordPress?

WordPress is one of the most popular Content Management Systems (CMS) in the world. It was released in 2003, and currently, it is used by over 60 million websites.

It is open source and easy to use, which means that anybody can deploy a WordPress instance in less than an hour.

Its underlying architecture is based on PHP and MySQL/MariaDB. One of the main strengths that made WordPress so popular is the ability to install custom plugins and themes, which allows…


In this article, we will discuss three effective methods to hijack the Python library in a Linux environment.

Why is it important?

Let’s see… What happens if a Python script runs with sudo privileges, but you have got write permissions on the imported module?

Exactly! You can escalate your privileges by editing the imported functions to call system commands or even spawn a shell that will have root rights.

Methods to abuse this issue

I am going to share three scenarios where anybody can exploit this vulnerability (or better call it a “security misconfiguration”):

  1. Write Permissions on Imported Python Module
  2. Higher Priority Python Library Path with Broken Privileges
  3. Redirecting…


In this article, we will discuss a proposed solution to pwn the Resolute machine from HackTheBox.

Information Gathering

I started normally with a port scan, and it returned a bunch of open ports.

Cristian Cornea

Cyber Security Enthusiast, Freelancer, Researcher, Bug Bounty Hunter and InfoSec Writer.
