TECHNICAL Bypass XSS filters using JavaScript global variables In this article, theMiddle discusses the many possibilities to exploit a reflected (or even stored) XSS when there are filters or WAF's protecting the website.
TECHNICAL Three Reasons Developers Hate Updating Programming Languages Why do Developers hate updating Programming Languages? In this article learn why, and gain insight from engineers who have a different viewpoint.
TECHNICAL Attacking Encryption Systems Cryptography is the science of secret writing, its usage dates back to ancient civilizations. It has two main components, encryption and steganography.
TECHNICAL Shooting Rubber Bands At Firewalls How to defend against this denial of service attack which can be used to deactivate firewalls from a number of vendors, for less than five dollars.
TECHNICAL Notes On CVE-2019-0708 (RCE 0day) This week a major RCE vulnerability has been spotted in the wild which affects affects a number of Microsoft OS's including Windows 7, Server 2008, Windows 2003 & Windows XP.
TECHNICAL Introduction To Serverless Security: Part 2 - Input Validation Infosec writer Miguel A. Calles illustrates the importance of input validation in serverless environments where there are multiple input sources.
TECHNICAL How To Technically Deal With An Intrusion On A Windows System It's late in the evening, you're getting ready to sleep when your phone rings, it's one of your relatives, "I think someone hacked into my computer, I need help". What's your next move?
TECHNICAL Introduction To Serverless Security: Part 1 - Dependencies Infosec writer Miguel A. Calles argues it is a good idea to review which packages you import, the dependency tree, and known vulnerabilities when writing your serverless application.
TECHNICAL PowerShell Logging and Security This tutorial aims to help you get PowerShell logs from your endpoints into your SIEM to protect you from modern PowerShell abuse.
TECHNICAL Homegrown Cyber Threat Intelligence With STIX2 and Couchbase Threat intelligence is an important part of incident response and vulnerability management, in this article we show you how to create and archive threat intelligence, without paying vendors, using STIX and Couchbase.
TECHNICAL Curling With Hack The Box A fantastic technical write up of the Curling box challenge from Hack The Box and security researcher aPirateMoo.
TECHNICAL Powershell CLM Bypass Using Runspaces Learn about Powershell's CLM and one of the ways you can bypass the Constrained Language Mode (CLM) using Runspaces.
TECHNICAL How To Harden Your Docker Containers Properly securing your containers can be time consuming. This technical walkthrough will guide you through the steps involved in hardening your containers.
TECHNICAL Investigation - A Fraudulent App With Some Dangerous Permissions A security researcher is hot on the trail of the creators of a fraudulent Android app with some dangerous permissions, in this ongoing investigation and analysis.
TECHNICAL DNS over HTTPS (+ModSecurity WAF) One of the problems with DNS is that a query is sent over an unencrypted connection, anyone listening to the packets knows the websites you visit.
TECHNICAL How To Deploy AdBlocker for Enterprise Learn how to deploy ad-blocking software to your computers in order to protect your users from malvertising.
TECHNICAL Uncover Infected Website Visitors Using Content Security Policies Security researcher Andrea Menin discovered that thousands of his website visitors were infected by using a content security policy.
TECHNICAL Insecure Direct Object Reference (IDOR) A short guide to Insecure Direct Object Reference (IDOR), how to defend against it and how to exploit it, from security researcher Abartan Dhakal.
TECHNICAL Building A Red Team WiFi Attack Car Why drive a normal car when you can drive a red team WiFi attack car? Join security researcher Sebastian Bicchi to build the ultimate wardriving vehicle.
TECHNICAL Penetration Testing Scanning 101.3 In part three of his series on penetration testing security researcher Hozaifa Owaisi covers port scanning and the tools used to get the job done.
TECHNICAL The LazySysAdmin Write-Up LazySysAdmin truly lives up to its name. This machine was configured by a lazy system administrator and thus, one clear thing to be looking for is a misconfigured system.
TECHNICAL Feed Your SIEM With Free Threat Intelligence Feeds Draw down free threat intelligence data to feed your security information and event management (SIEM) platform with these handy Powershell scripts.
TECHNICAL Simple Defenses vs Advanced Malware Defending your systems from advanced malware does not have to be difficult and costly. Learn how to improve your domain security with simple changes to tools you already own.
CYBERSEC Case Study: Wreaking Havoc via an API A deep dive case study from infosec writer Miguel Calles highlights the importance of addressing the highest OWASP security risk, injection.
TECHNICAL How To Exploit PHP Remotely To Bypass Filters & WAF Rules Learn about the possibilities that PHP gives us to exploit and execute code remotely in order to bypass filters, input sanitization, and WAF rules.
