TECHNICAL My Journey To The Google Hall Of Fame This is the story of the how Abartan Dhakal managed to get into the Google Hall of Fame, along a path strewn with failure and invalid vulnerabilities.
CYBERSEC Secure Password Handling in Depth Infosec never gets bored of talking about passwords. In this article we deep dive into the consensus around web application password handling.
TECHNICAL Using Serverless Frameworks - Part 1 Serverless has become a movement in application development because it allows developers to focus on code and leave infrastructure to the providers.
CYBERSEC Getting Started With Objection + Frida How to get started assessing iOS apps on a nailed device using Objection. which enables us to assess an iOS app in an environment using Frida.
TECHNICAL False Flags In Threat Attribution The entire concept of threat attribution is tremendously flawed argues security researcher Matt Telfer. In this article we take a closer look at false flags.
TECHNICAL Flaring The Blue Team - When You Confuse Them You Lose Them In this article, we take a closer look at a flaring script for report-uri, one that we will use to confuse and distract the blue team by sending them random false positives. #flaring
CYBERSEC How To Build A Hash Cracking Rig In this article security researcher Sebastian Bicchi teaches us how to build a low-cost, but high quality cracking rig by repurposing a hardware crypto mining rig.
TECHNICAL Malware Analysis Using Memory Forensics Malware analysis can be very simple or very complex. The goal of this article is to introduce a process of using free tools that entry-level analysts can use to collect data.
TECHNICAL An Introduction To Binary Exploitation Interested in binary exploitation? Then welcome to a very detailed beginners guide and introduction to help you start your journey's in binary exploitation!
CYBERSEC Passive Reconnaissance Using OSINT This article explores the basics and core aspects of OSINT from a reconnaissance perspective, in which we map out the entire public facing infrastructure of a target.
CYBERSEC Sideloading (Re-Sign) An iOS App To Install On A Jailed Device In this article Roy Shoemake walks us through the process and shows us how to install an IPA binary onto a jailed iOS device (aka sideloading).
TECHNICAL Blind Stored Cross-Site Scripting In this article, we join security researcher Roy Shoemake to learn what blind Cross-Site Scripting (XSS) is and a couple of ways to test for it.
CYBERSEC HackTheBox Walkthrough : Canape Now that the HackTheBox.eu CANAPE challenge has been retired, security researcher @DRX_Sicher can publish his walkthrough.
CTF HackTheBox - Canape write-up Canape retires this week, it's one of my favorite boxes on HTB for it's lessons on enumeration and scripting as well as a cool way to privesc. So, let's find our way in!
CYBERSEC HackTheBox - Poison Write Up Poison retires this week at HTB and it has some very cool privesc, plus another way to get into the box which needs us to, ahem, *poison* things.
TECHNICAL AWS Full Stackin’ w/ aaS This article from security researcher ZuphZuph will teach you about secure SaaS hosting within AWS. Everything here is generalized for the infotech/sec industries.
TECHNICAL HackTheBox - Stratosphere Write-up Stratosphere retires this week at HTB. I really liked this box for its awesome privilege escalation (privesc) and the rabbit holes. So without further ado, this is your pilot Minato reporting, looks like there's some turbulence... Lets hit stratosphere!!!
TECHNICAL Web Application Firewall (WAF) Evasion Techniques #3 Uninitialized Bash variable to bypass WAF regular expression based filters and pattern matching. Let's show it can be done on CloudFlare WAF and ModSecurity OWASP CRS3
TECHNICAL HackTheBox - Celestial Writeup Celestial retires this week, it was a pretty cool box with a good vulnerability to look into. So without any further blabbering, lets get to r00t!
CYBERSEC HackTheBox- Rabbit Writeup This week Rabbit retires on HTB, it’s one of my favorite boxes and after joining the Secjuice writing team, I decided to publish my first ever write-up.
TECHNICAL Finding The Real Origin IPs Hiding Behind CloudFlare or Tor Tor hidden services and reverse-proxy providers (e.g. CloudFlare) are useless if you are making simple mistakes. This is how you can reveal origin IPs when you make a mistake.
TECHNICAL Reverse Engineering My Own Website Security researcher Alessandro Innocenzi built his website using esoteric programming languages, a website that you have to first compile in order to get any information out of it.
TECHNICAL DNSBL: Not just for spam Security practitioner Menin_TheMiddle is using DNS to stop botnet, spammers and anonymous traffic with Nginx, Lua and DNSBL. Find out how.
TECHNICAL Featured Bypassing Web Application Firewalls for Cross-Site-Scripting Web Application Firewalls can make your life much harder when using automated tools. But you can bypass a lot of firewalls when exploiting XSS vulnerabilities by analyzing them manually.
TECHNICAL Writing A Simple Directory Bruteforcing Tool with 25 Lines of Python Security researcher Rohan Chavan got bored one day and wrote a simple directory brute force tool using just 25 lines of Python.
