TECHNICAL Simple Defenses vs Advanced Malware Defending your systems from advanced malware does not have to be difficult and costly. Learn how to improve your domain security with simple changes to tools you already own.
CYBERSEC Case Study: Wreaking Havoc via an API A deep dive case study from infosec writer Miguel Calles highlights the importance of addressing the highest OWASP security risk, injection.
TECHNICAL Featured How To Exploit PHP Remotely To Bypass Filters & WAF Rules Learn about the possibilities that PHP gives us to exploit and execute code remotely in order to bypass filters, input sanitization, and WAF rules.
CYBERSEC The Road To Reverse Engineering Malware Security researcher Pablo Ramos has prepared a structured guide to malware reverse engineering resources for those interested in getting started.
CYBERSEC Weaponizing CoAP For DDoS Attacks In his latest article Security Researcher Francseco Cipollone covers a little history of DoS and DDoS attacks and explains how the IoT CoAP protocol can be weaponized for DDoS attacks.
TECHNICAL How To Upload Any File To Amazon's Free Unlimited Photo Storage Space Have you ever wondered how to use Amazon Photos unlimited space for your own personal files? Wonder no longer, Alessandro Innocenzi has it all figured out and Amazon says it's fine.
TECHNICAL Metasploit Community CTF 2018 "Remembering Aaron Swartz" came second at this year's metasploit CTF. Most of us played for the first time and it was a unique experience.
TECHNICAL Access Control - Cloud vs Traditional (Part 2) The second in a series of articles from Security Chief Francesco Cipollone of NSC42 that deep dives into the subject of access control, authentication and compliance.
TECHNICAL Access Control : Cloud vs Tradition A closer look at access control systems and the difference between cloud bases access controls and the more traditional on-prem versions.
TECHNICAL My Journey To The Google Hall Of Fame This is the story of the how Abartan Dhakal managed to get into the Google Hall of Fame, along a path strewn with failure and invalid vulnerabilities.
CYBERSEC Secure Password Handling in Depth Infosec never gets bored of talking about passwords. In this article we deep dive into the consensus around web application password handling.
TECHNICAL Using Serverless Frameworks - Part 1 Serverless has become a movement in application development because it allows developers to focus on code and leave infrastructure to the providers.
CYBERSEC Getting Started With Objection + Frida How to get started assessing iOS apps on a nailed device using Objection. which enables us to assess an iOS app in an environment using Frida.
TECHNICAL False Flags In Threat Attribution The entire concept of threat attribution is tremendously flawed argues security researcher Matt Telfer. In this article we take a closer look at false flags.
TECHNICAL Flaring The Blue Team - When You Confuse Them You Lose Them In this article, we take a closer look at a flaring script for report-uri, one that we will use to confuse and distract the blue team by sending them random false positives. #flaring
CYBERSEC How To Build A Hash Cracking Rig In this article security researcher Sebastian Bicchi teaches us how to build a low-cost, but high quality cracking rig by repurposing a hardware crypto mining rig.
TECHNICAL Malware Analysis Using Memory Forensics Malware analysis can be very simple or very complex. The goal of this article is to introduce a process of using free tools that entry-level analysts can use to collect data.
TECHNICAL An Introduction To Binary Exploitation Interested in binary exploitation? Then welcome to a very detailed beginners guide and introduction to help you start your journey's in binary exploitation!
CYBERSEC Passive Reconnaissance Using OSINT This article explores the basics and core aspects of OSINT from a reconnaissance perspective, in which we map out the entire public facing infrastructure of a target.
CYBERSEC Sideloading (Re-Sign) An iOS App To Install On A Jailed Device In this article Roy Shoemake walks us through the process and shows us how to install an IPA binary onto a jailed iOS device (aka sideloading).
TECHNICAL Blind Stored Cross-Site Scripting In this article, we join security researcher Roy Shoemake to learn what blind Cross-Site Scripting (XSS) is and a couple of ways to test for it.
CYBERSEC HackTheBox Walkthrough : Canape Now that the HackTheBox.eu CANAPE challenge has been retired, security researcher @DRX_Sicher can publish his walkthrough.
CTF HackTheBox - Canape write-up Canape retires this week, it's one of my favorite boxes on HTB for it's lessons on enumeration and scripting as well as a cool way to privesc. So, let's find our way in!
CYBERSEC HackTheBox - Poison Write Up Poison retires this week at HTB and it has some very cool privesc, plus another way to get into the box which needs us to, ahem, *poison* things.
TECHNICAL AWS Full Stackin’ w/ aaS This article from security researcher ZuphZuph will teach you about secure SaaS hosting within AWS. Everything here is generalized for the infotech/sec industries.
