TECHNICAL ModSecurity Denial of Service Details and PoC CVE-2019-19886 Security researcher Andrea Menin tells us the story of vulnerabilities he found in libModSecurity.
TECHNICAL Apple iCloud Credential Stealing Better phishing with CVE-2020-3841 from security researcher Sebastian Bicchi and his red team exercise.
TECHNICAL Vehicle Hacking Part 1: Understanding the Attack Surface Car Hacking 101 - Understanding the attack surface and mapping out basic threat modelling for cars IO points.
TECHNICAL Quantum Computing 101 - Part Two (Shor's Algorithm) Welcome to part two of our series on Quantum Computing, in which security research Kaboom hurts our heads with math by explaining Shors Algorithm.
OSINT Trawling for Fishermen - Investigating a Chinese Honeynet Join OSINT hunter N0mad as he investigates a Chinese honeynet that lights up like a Christmas tree.
TECHNICAL How To Avoid A Full SQL Server Transaction Log Your SQL Transaction Log is a file. That file contains records, as the name would suggest, of all SQL transactions that are made.
TECHNICAL Ransomware: Attack Techniques and Countermeasures Learn more about ransomware attack techniques and countermeasures with infosec author Nihad Hassan.
TECHNICAL A Definitive Guide To DMARC Learn about DMARC and how it can prevent fraudulent or spoofed emails being sent from your domain. Includes full DMARC setup instructions!
OSINT Build An OSINT Username Search Tool Using SULTAN In this article I will show you how to build your own custom OSINT username search tool using a python script that I call SULTAN.
TECHNICAL Abusing Windows 10 Narrator 'Feedback-Hub' for Fileless Persistence While investigating Ease of Access options in Windows 10 I managed to find a new persistence technique.
TECHNICAL OSINT Basics: Detecting and Enumerating Firewalls & Gateways The following article will deal with basics and teach you how to detect and enumerate firewalls and gateways.
TECHNICAL Reply CTF Write-Up This years Reply Cybersecurity Challenge was a 'CTF Edition' with some great prizes up for grabs so I got involved!
TECHNICAL Don't Think About Being a Black Hat Don't even think about being a black hat, I did and regret it. Also here is how to hack a PC and turn on the webcam.
TECHNICAL Weak DPAPI encryption at rest in NordVPN The NordVPN client leverages a DPAPI to save their user login credentials, but this makes the credentials vulnerable.
TECHNICAL Backdooring My Router Firmware I decided to backdoor the firmware on my D-Link DIR-300 Router in order to satisfy my curiosity.
TECHNICAL Abusing PHP query string parser to bypass IDS, IPS, and WAF Learn how IDS, IPS, and WAFs are vulnerable because of the design limitations of the PHP query string parser.
TECHNICAL Introduction To Serverless Security: Part 3 - Preventing Accidental Deletion Avoid falling victim to the pitfall of accidentally deleting your critical data when using Serverless. Learn how to enable AWS CloudFormation termination protection.
CYBERSEC Zero Trust Upgrade Your Web Gateway What I like most about this zero trust upgrade model is that I can isolate all the fucks I have to give about the malicious traffic passing through my web gateway.
TECHNICAL A Guide To x86 Assembly A beginners guide to the X86 Assembly Language, also known as 'assembler', a low level programming language.
TECHNICAL Bug Bounty Insider RyanDeveloping takes us on a journey of discovery into the wonderful world of Bug Bounty Programs. Where we learn about the history, best platforms, and how you can get started. Ryan also interviews members of the community about their views.
TECHNICAL Bypass XSS filters using JavaScript global variables In this article, theMiddle discusses the many possibilities to exploit a reflected (or even stored) XSS when there are filters or WAF's protecting the website.
TECHNICAL Three Reasons Developers Hate Updating Programming Languages Why do Developers hate updating Programming Languages? In this article learn why, and gain insight from engineers who have a different viewpoint.
TECHNICAL Attacking Encryption Systems Cryptography is the science of secret writing, its usage dates back to ancient civilizations. It has two main components, encryption and steganography.
TECHNICAL Shooting Rubber Bands At Firewalls How to defend against this denial of service attack which can be used to deactivate firewalls from a number of vendors, for less than five dollars.
TECHNICAL Notes On CVE-2019-0708 (RCE 0day) This week a major RCE vulnerability has been spotted in the wild which affects affects a number of Microsoft OS's including Windows 7, Server 2008, Windows 2003 & Windows XP.