TECHNICAL Flaring The Blue Team - When You Confuse Them You Lose Them In this article, we take a closer look at a flaring script for report-uri, one that we will use to confuse and distract the blue team by sending them random false positives. #flaring
CYBERSEC How To Build A Hash Cracking Rig In this article security researcher Sebastian Bicchi teaches us how to build a low-cost, but high quality cracking rig by repurposing a hardware crypto mining rig.
TECHNICAL Malware Analysis Using Memory Forensics Malware analysis can be very simple or very complex. The goal of this article is to introduce a process of using free tools that entry-level analysts can use to collect data.
TECHNICAL An Introduction To Binary Exploitation Interested in binary exploitation? Then welcome to a very detailed beginners guide and introduction to help you start your journey's in binary exploitation!
CYBERSEC Passive Reconnaissance Using OSINT This article explores the basics and core aspects of OSINT from a reconnaissance perspective, in which we map out the entire public facing infrastructure of a target.
CYBERSEC Sideloading (Re-Sign) An iOS App To Install On A Jailed Device In this article Roy Shoemake walks us through the process and shows us how to install an IPA binary onto a jailed iOS device (aka sideloading).
TECHNICAL Blind Stored Cross-Site Scripting In this article, we join security researcher Roy Shoemake to learn what blind Cross-Site Scripting (XSS) is and a couple of ways to test for it.
CYBERSEC HackTheBox Walkthrough : Canape Now that the HackTheBox.eu CANAPE challenge has been retired, security researcher @DRX_Sicher can publish his walkthrough.
CTF HackTheBox - Canape write-up Canape retires this week, it's one of my favorite boxes on HTB for it's lessons on enumeration and scripting as well as a cool way to privesc. So, let's find our way in!
CYBERSEC HackTheBox - Poison Write Up Poison retires this week at HTB and it has some very cool privesc, plus another way to get into the box which needs us to, ahem, *poison* things.
TECHNICAL AWS Full Stackin’ w/ aaS This article from security researcher ZuphZuph will teach you about secure SaaS hosting within AWS. Everything here is generalized for the infotech/sec industries.
TECHNICAL HackTheBox - Stratosphere Write-up Stratosphere retires this week at HTB. I really liked this box for its awesome privilege escalation (privesc) and the rabbit holes. So without further ado, this is your pilot Minato reporting, looks like there's some turbulence... Lets hit stratosphere!!!
TECHNICAL Web Application Firewall (WAF) Evasion Techniques #3 Uninitialized Bash variable to bypass WAF regular expression based filters and pattern matching. Let's show it can be done on CloudFlare WAF and ModSecurity OWASP CRS3
TECHNICAL HackTheBox - Celestial Writeup Celestial retires this week, it was a pretty cool box with a good vulnerability to look into. So without any further blabbering, lets get to r00t!
CYBERSEC HackTheBox- Rabbit Writeup This week Rabbit retires on HTB, it’s one of my favorite boxes and after joining the Secjuice writing team, I decided to publish my first ever write-up.
TECHNICAL Finding The Real Origin IPs Hiding Behind CloudFlare or Tor Tor hidden services and reverse-proxy providers (e.g. CloudFlare) are useless if you are making simple mistakes. This is how you can reveal origin IPs when you make a mistake.
TECHNICAL Reverse Engineering My Own Website Security researcher Alessandro Innocenzi built his website using esoteric programming languages, a website that you have to first compile in order to get any information out of it.
TECHNICAL DNSBL: Not just for spam Security practitioner Menin_TheMiddle is using DNS to stop botnet, spammers and anonymous traffic with Nginx, Lua and DNSBL. Find out how.
TECHNICAL Featured Bypassing Web Application Firewalls for Cross-Site-Scripting Web Application Firewalls can make your life much harder when using automated tools. But you can bypass a lot of firewalls when exploiting XSS vulnerabilities by analyzing them manually.
TECHNICAL Writing A Simple Directory Bruteforcing Tool with 25 Lines of Python Security researcher Rohan Chavan got bored one day and wrote a simple directory brute force tool using just 25 lines of Python.
CYBERSEC How I Stole Your Username & Password In Five Minutes Using WiFiPhisher. Security researcher Riccardo Landolfo explains how easy it is for a hacker to phish your usernames and passwords over a public WIFI network.
CYBERSEC Featured AppArmor: Say Goodbye to Remote Command Execution. How to kill RCE and RFI directly on the php-fpm process. Let's do a test exploiting Drupalgeddon2.
CYBERSEC How To Setup SSL With LetsEncrypt for Linux & Windows LetsEncrypt is a great free alternative to paid SSL certs, in this guide Security Engineer @zuphzuph shows you how to set it up for Linux and Windows.
OSINT NumSpy: How To Find The Details of Any Mobile Number in India Learn how to find the details of any mobile phone number in India when conducting an OSINT operation, in the latest article by security researcher Sameer Bhatt.
CYBERSEC How To Setup Miners For Monero (XMR) Learn how to securely set up and operate a Monero miner, to mitigate against cyber theft with Alessanco Innocenzi.
