TECHNICAL Abusing Windows 10 Narrator 'Feedback-Hub' for Fileless Persistence While investigating Ease of Access options in Windows 10 I managed to find a new persistence technique.
TECHNICAL OSINT Basics: Detecting and Enumerating Firewalls & Gateways The following article will deal with basics and teach you how to detect and enumerate firewalls and gateways.
TECHNICAL Reply CTF Write-Up This years Reply Cybersecurity Challenge was a 'CTF Edition' with some great prizes up for grabs so I got involved!
TECHNICAL Don't Think About Being a Black Hat Don't even think about being a black hat, I did and regret it. Also here is how to hack a PC and turn on the webcam.
TECHNICAL Weak DPAPI encryption at rest in NordVPN The NordVPN client leverages a DPAPI to save their user login credentials, but this makes the credentials vulnerable.
TECHNICAL Backdooring My Router Firmware I decided to backdoor the firmware on my D-Link DIR-300 Router in order to satisfy my curiosity.
TECHNICAL Abusing PHP query string parser to bypass IDS, IPS, and WAF Learn how IDS, IPS, and WAFs are vulnerable because of the design limitations of the PHP query string parser.
TECHNICAL Introduction To Serverless Security: Part 3 - Preventing Accidental Deletion Avoid falling victim to the pitfall of accidentally deleting your critical data when using Serverless. Learn how to enable AWS CloudFormation termination protection.
CYBERSEC Zero Trust Upgrade Your Web Gateway What I like most about this zero trust upgrade model is that I can isolate all the fucks I have to give about the malicious traffic passing through my web gateway.
TECHNICAL A Guide To x86 Assembly A beginners guide to the X86 Assembly Language, also known as 'assembler', a low level programming language.
TECHNICAL Bug Bounty Insider RyanDeveloping takes us on a journey of discovery into the wonderful world of Bug Bounty Programs. Where we learn about the history, best platforms, and how you can get started. Ryan also interviews members of the community about their views.
TECHNICAL Bypass XSS filters using JavaScript global variables In this article, theMiddle discusses the many possibilities to exploit a reflected (or even stored) XSS when there are filters or WAF's protecting the website.
TECHNICAL Three Reasons Developers Hate Updating Programming Languages Why do Developers hate updating Programming Languages? In this article learn why, and gain insight from engineers who have a different viewpoint.
TECHNICAL Attacking Encryption Systems Cryptography is the science of secret writing, its usage dates back to ancient civilizations. It has two main components, encryption and steganography.
TECHNICAL Shooting Rubber Bands At Firewalls How to defend against this denial of service attack which can be used to deactivate firewalls from a number of vendors, for less than five dollars.
TECHNICAL Notes On CVE-2019-0708 (RCE 0day) This week a major RCE vulnerability has been spotted in the wild which affects affects a number of Microsoft OS's including Windows 7, Server 2008, Windows 2003 & Windows XP.
TECHNICAL Introduction To Serverless Security: Part 2 - Input Validation Infosec writer Miguel A. Calles illustrates the importance of input validation in serverless environments where there are multiple input sources.
TECHNICAL How To Technically Deal With An Intrusion On A Windows System It's late in the evening, you're getting ready to sleep when your phone rings, it's one of your relatives, "I think someone hacked into my computer, I need help". What's your next move?
TECHNICAL Introduction To Serverless Security: Part 1 - Dependencies Infosec writer Miguel A. Calles argues it is a good idea to review which packages you import, the dependency tree, and known vulnerabilities when writing your serverless application.
TECHNICAL PowerShell Logging and Security This tutorial aims to help you get PowerShell logs from your endpoints into your SIEM to protect you from modern PowerShell abuse.
TECHNICAL Homegrown Cyber Threat Intelligence With STIX2 and Couchbase Threat intelligence is an important part of incident response and vulnerability management, in this article we show you how to create and archive threat intelligence, without paying vendors, using STIX and Couchbase.
TECHNICAL Curling With Hack The Box A fantastic technical write up of the Curling box challenge from Hack The Box and security researcher aPirateMoo.
TECHNICAL Powershell CLM Bypass Using Runspaces Learn about Powershell's CLM and one of the ways you can bypass the Constrained Language Mode (CLM) using Runspaces.
TECHNICAL How To Harden Your Docker Containers Properly securing your containers can be time consuming. This technical walkthrough will guide you through the steps involved in hardening your containers.
TECHNICAL Investigation - A Fraudulent App With Some Dangerous Permissions A security researcher is hot on the trail of the creators of a fraudulent Android app with some dangerous permissions, in this ongoing investigation and analysis.