TECHNICAL Windows Forensics: Artifacts (2) We continue our digital forensics journey with Windows artifacts, so let's jump right in and continue to look for artifacts in Windows!
TECHNICAL HTB Obscurity Walkthrough King of the walkthrough's Andy from Italy is back with another technical explanation of how he cracked the HackTheBox Obscurity box.
TECHNICAL HTB OpenAdmin Walkthrough Welcome to another of my technical HackTheBox walk throughs, this time we take on HTB OpenAdmin.
TECHNICAL Understanding NoSQL Injection and How to Prevent it An injection is a security vulnerability that lets attackers take control of database queries. There is only one thing you can do, "SANITIZATION"
TECHNICAL Cybersecurity for Beginners - Part 3: Weaponization Part three in Andy's Cybersecurity For Beginners series. In this episode he enthusiastically covers weaponization.
TECHNICAL HTML5 Attacks - Episode 01 Part one in a series covering the different kinds of HTML5 attacks, in this episode we cover websocket attacks.
TECHNICAL HTB Traverxec Walkthrough Welcome to my write up of how I hacked the Traverxec box on HackTheBox!
TECHNICAL How To Bypass CSP By Hiding JavaScript In A PNG Image Hide a malicious JavaScript library in a PNG image and tweet it, then include it in a vulnerable website by exploiting a XSS bypassing its Content-Security-Policy (CSP).
INFOSEC Insecure Serverless Plugins: Why You Should Inspect the Source Code The Serverless Framework supports numerous plugins and they save so much time, but this convenience can come with a negative downside.
TECHNICAL HTB Postman Walkthrough Now that its been retired, lets take a deep dive into the “Postman” machine on HackTheBox so I can show you how I went about hacking it!
INFOSEC When Politicians Do Cybersecurity An insightful critique of the European Union's Cybersecurity Act, created by politicians rather than infosec people.
TECHNICAL HTB "Eat the Cake!" Challenge An excellent write up of the 'Eat The Cake' challenge on HackTheBox.
INFOSEC Removing Sensitive Data & Plaintext Secrets from GitHub Learn how to clean your GitHub history, repository and pull requests containing sensitive data (like passwords), and prevent developers from committing secrets.
TECHNICAL ModSecurity Denial of Service Details and PoC CVE-2019-19886 Security researcher Andrea Menin tells us the story of vulnerabilities he found in libModSecurity.
TECHNICAL Apple iCloud Credential Stealing Better phishing with CVE-2020-3841 from security researcher Sebastian Bicchi and his red team exercise.
TECHNICAL Vehicle Hacking Part 1: Understanding the Attack Surface Car Hacking 101 - Understanding the attack surface and mapping out basic threat modelling for cars IO points.
TECHNICAL Quantum Computing 101 - Part Two (Shor's Algorithm) Welcome to part two of our series on Quantum Computing, in which security research Kaboom hurts our heads with math by explaining Shors Algorithm.
OSINT Trawling for Fishermen - Investigating a Chinese Honeynet Join OSINT hunter N0mad as he investigates a Chinese honeynet that lights up like a Christmas tree.
TECHNICAL How To Avoid A Full SQL Server Transaction Log Your SQL Transaction Log is a file. That file contains records, as the name would suggest, of all SQL transactions that are made.
TECHNICAL Ransomware: Attack Techniques and Countermeasures Learn more about ransomware attack techniques and countermeasures with infosec author Nihad Hassan.
TECHNICAL A Definitive Guide To DMARC Learn about DMARC and how it can prevent fraudulent or spoofed emails being sent from your domain. Includes full DMARC setup instructions!
OSINT Build An OSINT Username Search Tool Using SULTAN In this article I will show you how to build your own custom OSINT username search tool using a python script that I call SULTAN.
TECHNICAL Abusing Windows 10 Narrator 'Feedback-Hub' for Fileless Persistence While investigating Ease of Access options in Windows 10 I managed to find a new persistence technique.
TECHNICAL OSINT Basics: Detecting and Enumerating Firewalls & Gateways The following article will deal with basics and teach you how to detect and enumerate firewalls and gateways.