TECHNICAL Abusing PHP query string parser to bypass IDS, IPS, and WAF Learn how IDS, IPS, and WAFs are vulnerable because of the design limitations of the PHP query string parser.
TECHNICAL Introduction To Serverless Security: Part 3 - Preventing Accidental Deletion Avoid falling victim to the pitfall of accidentally deleting your critical data when using Serverless. Learn how to enable AWS CloudFormation termination protection.
CYBERSEC Zero Trust Upgrade Your Web Gateway What I like most about this zero trust upgrade model is that I can isolate all the fucks I have to give about the malicious traffic passing through my web gateway.
TECHNICAL A Guide To x86 Assembly A beginners guide to the X86 Assembly Language, also known as 'assembler', a low level programming language.
TECHNICAL Bug Bounty Insider RyanDeveloping takes us on a journey of discovery into the wonderful world of Bug Bounty Programs. Where we learn about the history, best platforms, and how you can get started. Ryan also interviews members of the community about their views.
TECHNICAL Bypass XSS filters using JavaScript global variables In this article, theMiddle discusses the many possibilities to exploit a reflected (or even stored) XSS when there are filters or WAF's protecting the website.
TECHNICAL Three Reasons Developers Hate Updating Programming Languages Why do Developers hate updating Programming Languages? In this article learn why, and gain insight from engineers who have a different viewpoint.
TECHNICAL Attacking Encryption Systems Cryptography is the science of secret writing, its usage dates back to ancient civilizations. It has two main components, encryption and steganography.
TECHNICAL Shooting Rubber Bands At Firewalls How to defend against this denial of service attack which can be used to deactivate firewalls from a number of vendors, for less than five dollars.
TECHNICAL Notes On CVE-2019-0708 (RCE 0day) This week a major RCE vulnerability has been spotted in the wild which affects affects a number of Microsoft OS's including Windows 7, Server 2008, Windows 2003 & Windows XP.
TECHNICAL Introduction To Serverless Security: Part 2 - Input Validation Infosec writer Miguel A. Calles illustrates the importance of input validation in serverless environments where there are multiple input sources.
TECHNICAL How To Technically Deal With An Intrusion On A Windows System It's late in the evening, you're getting ready to sleep when your phone rings, it's one of your relatives, "I think someone hacked into my computer, I need help". What's your next move?
TECHNICAL Introduction To Serverless Security: Part 1 - Dependencies Infosec writer Miguel A. Calles argues it is a good idea to review which packages you import, the dependency tree, and known vulnerabilities when writing your serverless application.
TECHNICAL PowerShell Logging and Security This tutorial aims to help you get PowerShell logs from your endpoints into your SIEM to protect you from modern PowerShell abuse.
TECHNICAL Homegrown Cyber Threat Intelligence With STIX2 and Couchbase Threat intelligence is an important part of incident response and vulnerability management, in this article we show you how to create and archive threat intelligence, without paying vendors, using STIX and Couchbase.
TECHNICAL Curling With Hack The Box A fantastic technical write up of the Curling box challenge from Hack The Box and security researcher aPirateMoo.
TECHNICAL Powershell CLM Bypass Using Runspaces Learn about Powershell's CLM and one of the ways you can bypass the Constrained Language Mode (CLM) using Runspaces.
TECHNICAL How To Harden Your Docker Containers Properly securing your containers can be time consuming. This technical walkthrough will guide you through the steps involved in hardening your containers.
TECHNICAL Investigation - A Fraudulent App With Some Dangerous Permissions A security researcher is hot on the trail of the creators of a fraudulent Android app with some dangerous permissions, in this ongoing investigation and analysis.
TECHNICAL DNS over HTTPS (+ModSecurity WAF) One of the problems with DNS is that a query is sent over an unencrypted connection, anyone listening to the packets knows the websites you visit.
TECHNICAL How To Deploy AdBlocker for Enterprise Learn how to deploy ad-blocking software to your computers in order to protect your users from malvertising.
TECHNICAL Uncover Infected Website Visitors Using Content Security Policies Security researcher Andrea Menin discovered that thousands of his website visitors were infected by using a content security policy.
TECHNICAL Insecure Direct Object Reference (IDOR) A short guide to Insecure Direct Object Reference (IDOR), how to defend against it and how to exploit it, from security researcher Abartan Dhakal.
TECHNICAL Building A Red Team WiFi Attack Car Why drive a normal car when you can drive a red team WiFi attack car? Join security researcher Sebastian Bicchi to build the ultimate wardriving vehicle.
TECHNICAL Penetration Testing Scanning 101.3 In part three of his series on penetration testing security researcher Hozaifa Owaisi covers port scanning and the tools used to get the job done.
