TECHNICAL DNS over HTTPS (+ModSecurity WAF) One of the problems with DNS is that a query is sent over an unencrypted connection, anyone listening to the packets knows the websites you visit.
TECHNICAL How To Deploy AdBlocker for Enterprise Learn how to deploy ad-blocking software to your computers in order to protect your users from malvertising.
TECHNICAL Uncover Infected Website Visitors Using Content Security Policies Security researcher Andrea Menin discovered that thousands of his website visitors were infected by using a content security policy.
TECHNICAL Insecure Direct Object Reference (IDOR) A short guide to Insecure Direct Object Reference (IDOR), how to defend against it and how to exploit it, from security researcher Abartan Dhakal.
TECHNICAL Building A Red Team WiFi Attack Car Why drive a normal car when you can drive a red team WiFi attack car? Join security researcher Sebastian Bicchi to build the ultimate wardriving vehicle.
TECHNICAL Penetration Testing Scanning 101.3 In part three of his series on penetration testing security researcher Hozaifa Owaisi covers port scanning and the tools used to get the job done.
TECHNICAL The LazySysAdmin Write-Up LazySysAdmin truly lives up to its name. This machine was configured by a lazy system administrator and thus, one clear thing to be looking for is a misconfigured system.
TECHNICAL Feed Your SIEM With Free Threat Intelligence Feeds Draw down free threat intelligence data to feed your security information and event management (SIEM) platform with these handy Powershell scripts.
TECHNICAL Simple Defenses vs Advanced Malware Defending your systems from advanced malware does not have to be difficult and costly. Learn how to improve your domain security with simple changes to tools you already own.
CYBERSEC Case Study: Wreaking Havoc via an API A deep dive case study from infosec writer Miguel Calles highlights the importance of addressing the highest OWASP security risk, injection.
TECHNICAL How To Exploit PHP Remotely To Bypass Filters & WAF Rules Learn about the possibilities that PHP gives us to exploit and execute code remotely in order to bypass filters, input sanitization, and WAF rules.
CYBERSEC The Road To Reverse Engineering Malware Security researcher Pablo Ramos has prepared a structured guide to malware reverse engineering resources for those interested in getting started.
CYBERSEC Weaponizing CoAP For DDoS Attacks In his latest article Security Researcher Francseco Cipollone covers a little history of DoS and DDoS attacks and explains how the IoT CoAP protocol can be weaponized for DDoS attacks.
TECHNICAL How To Upload Any File To Amazon's Free Unlimited Photo Storage Space Have you ever wondered how to use Amazon Photos unlimited space for your own personal files? Wonder no longer, Alessandro Innocenzi has it all figured out and Amazon says it's fine.
TECHNICAL Metasploit Community CTF 2018 "Remembering Aaron Swartz" came second at this year's metasploit CTF. Most of us played for the first time and it was a unique experience.
TECHNICAL Access Control - Cloud vs Traditional (Part 2) The second in a series of articles from Security Chief Francesco Cipollone of NSC42 that deep dives into the subject of access control, authentication and compliance.
TECHNICAL Access Control : Cloud vs Tradition A closer look at access control systems and the difference between cloud bases access controls and the more traditional on-prem versions.
TECHNICAL My Journey To The Google Hall Of Fame This is the story of the how Abartan Dhakal managed to get into the Google Hall of Fame, along a path strewn with failure and invalid vulnerabilities.
CYBERSEC Secure Password Handling in Depth Infosec never gets bored of talking about passwords. In this article we deep dive into the consensus around web application password handling.
TECHNICAL Using Serverless Frameworks - Part 1 Serverless has become a movement in application development because it allows developers to focus on code and leave infrastructure to the providers.
CYBERSEC Getting Started With Objection + Frida How to get started assessing iOS apps on a nailed device using Objection. which enables us to assess an iOS app in an environment using Frida.
TECHNICAL False Flags In Threat Attribution The entire concept of threat attribution is tremendously flawed argues security researcher Matt Telfer. In this article we take a closer look at false flags.
TECHNICAL Flaring The Blue Team - When You Confuse Them You Lose Them In this article, we take a closer look at a flaring script for report-uri, one that we will use to confuse and distract the blue team by sending them random false positives. #flaring
CYBERSEC How To Build A Hash Cracking Rig In this article security researcher Sebastian Bicchi teaches us how to build a low-cost, but high quality cracking rig by repurposing a hardware crypto mining rig.
TECHNICAL Malware Analysis Using Memory Forensics Malware analysis can be very simple or very complex. The goal of this article is to introduce a process of using free tools that entry-level analysts can use to collect data.
