CYBERSEC Sideloading (Re-Sign) An iOS App To Install On A Jailed Device In this article Roy Shoemake walks us through the process and shows us how to install an IPA binary onto a jailed iOS device (aka sideloading).
TECHNICAL Blind Stored Cross-Site Scripting In this article, we join security researcher Roy Shoemake to learn what blind Cross-Site Scripting (XSS) is and a couple of ways to test for it.
CYBERSEC HackTheBox Walkthrough : Canape Now that the HackTheBox.eu CANAPE challenge has been retired, security researcher @DRX_Sicher can publish his walkthrough.
CTF HackTheBox - Canape write-up Canape retires this week, it's one of my favorite boxes on HTB for it's lessons on enumeration and scripting as well as a cool way to privesc. So, let's find our way in!
CYBERSEC HackTheBox - Poison Write Up Poison retires this week at HTB and it has some very cool privesc, plus another way to get into the box which needs us to, ahem, *poison* things.
TECHNICAL AWS Full Stackin’ w/ aaS This article from security researcher ZuphZuph will teach you about secure SaaS hosting within AWS. Everything here is generalized for the infotech/sec industries.
TECHNICAL HackTheBox - Stratosphere Write-up Stratosphere retires this week at HTB. I really liked this box for its awesome privilege escalation (privesc) and the rabbit holes. So without further ado, this is your pilot Minato reporting, looks like there's some turbulence... Lets hit stratosphere!!!
TECHNICAL Web Application Firewall (WAF) Evasion Techniques #3 Uninitialized Bash variable to bypass WAF regular expression based filters and pattern matching. Let's show it can be done on CloudFlare WAF and ModSecurity OWASP CRS3
TECHNICAL HackTheBox - Celestial Writeup Celestial retires this week, it was a pretty cool box with a good vulnerability to look into. So without any further blabbering, lets get to r00t!
CYBERSEC HackTheBox- Rabbit Writeup This week Rabbit retires on HTB, it’s one of my favorite boxes and after joining the Secjuice writing team, I decided to publish my first ever write-up.
TECHNICAL Finding The Real Origin IPs Hiding Behind CloudFlare or TOR TOR hidden services and reverse-proxy providers (e.g. CloudFlare) are useless if you are making simple mistakes. This is how you can reveal origin IPs when you make a mistake.
TECHNICAL Reverse Engineering My Own Website Security researcher Alessandro Innocenzi built his website using esoteric programming languages, a website that you have to first compile in order to get any information out of it.
TECHNICAL DNSBL: Not just for spam Security practitioner Menin_TheMiddle is using DNS to stop botnet, spammers and anonymous traffic with Nginx, Lua and DNSBL. Find out how.
TECHNICAL Bypassing Web Application Firewalls for Cross-Site-Scripting Web Application Firewalls can make your life much harder when using automated tools. But you can bypass a lot of firewalls when exploiting XSS vulnerabilities by analyzing them manually.
TECHNICAL Writing A Simple Directory Bruteforcing Tool with 25 Lines of Python Security researcher Rohan Chavan got bored one day and wrote a simple directory brute force tool using just 25 lines of Python.
OSINT How To Track Anyone Through Tinder An interesting look at how your online dating profile can be used to track you, from cybercrime investigator Nicole Beckwith who tracked the InfosecScribe.
CYBERSEC How I Stole Your Username & Password In Five Minutes Using WiFiPhisher. Security researcher Riccardo Landolfo explains how easy it is for a hacker to phish your usernames and passwords over a public WIFI network.
CYBERSEC AppArmor: Say Goodbye to Remote Command Execution. How to kill RCE and RFI directly on the php-fpm process. Let's do a test exploiting Drupalgeddon2.
CYBERSEC How To Setup SSL With LetsEncrypt for Linux & Windows LetsEncrypt is a great free alternative to paid SSL certs, in this guide Security Engineer @zuphzuph shows you how to set it up for Linux and Windows.
OSINT NumSpy: How To Find The Details of Any Mobile Number in India Learn how to find the details of any mobile phone number in India when conducting an OSINT operation, in the latest article by security researcher Sameer Bhatt.
CYBERSEC How To Setup Miners For Monero (XMR) Learn how to securely set up and operate a Monero miner, to mitigate against cyber theft with Alessanco Innocenzi.
CYBERSEC An XSS Road Trip (Journey Through The Web #1) Join us on a journey through the web, and an XSS roadtrip with Paul Dannewitz who gives us some good examples of XSS vulnerabilities that he found in the wild.
CYBERSEC My First Foray Into Software Reverse Engineering Security researcher Alessandro Innocenzi is dipping his toe into reverse engineering, join him on his journey and find our what he learned.
