TECHNICAL HackTheBox - Stratosphere Write-up Stratosphere retires this week at HTB. I really liked this box for its awesome privilege escalation (privesc) and the rabbit holes. So without further ado, this is your pilot Minato reporting, looks like there's some turbulence... Let's hit Stratosphere!!!
TECHNICAL Web Application Firewall (WAF) Evasion Techniques #3 Uninitialized Bash variable to bypass WAF regular expression based filters and pattern matching. Let's show it can be done on CloudFlare WAF and ModSecurity OWASP CRS3
TECHNICAL HackTheBox - Celestial Writeup Celestial retires this week, it was a pretty cool box with a good vulnerability to look into. So without any further blabbering, let's get to r00t!
CYBERSEC HackTheBox - Rabbit Writeup This week Rabbit retires on HTB, it’s one of my favorite boxes and after joining the Secjuice writing team, I decided to publish my first ever write-up.
TECHNICAL Finding The Real Origin IPs Hiding Behind CloudFlare or Tor Tor hidden services and reverse-proxy providers (e.g. CloudFlare) are useless if you are making simple mistakes. This is how you can reveal origin IPs when you make a mistake.
TECHNICAL Reverse Engineering My Own Website Security researcher Alessandro Innocenzi built his website using esoteric programming languages, a website that you have to first compile in order to get any information out of it.
TECHNICAL DNSBL: Not just for spam Security practitioner Menin_TheMiddle is using DNS to stop botnets, spammers and anonymous traffic with Nginx, Lua and DNSBL. Find out how.
TECHNICAL Featured Bypassing Web Application Firewalls for Cross-Site-Scripting Web Application Firewalls can make your life much harder when using automated tools. But you can bypass a lot of firewalls when exploiting XSS vulnerabilities by analyzing them manually.
TECHNICAL Writing A Simple Directory Bruteforcing Tool with 25 Lines of Python Security researcher Rohan Chavan got bored one day and wrote a simple directory brute force tool using just 25 lines of Python.
CYBERSEC How I Stole Your Username & Password In Five Minutes Using WiFiPhisher. Security researcher Riccardo Landolfo explains how easy it is for a hacker to phish your usernames and passwords over a public Wi-Fi network.
CYBERSEC Featured AppArmor: Say Goodbye to Remote Command Execution. How to kill RCE and RFI directly on the php-fpm process. Let's do a test exploiting Drupalgeddon2.
CYBERSEC How To Setup SSL With LetsEncrypt for Linux & Windows LetsEncrypt is a great free alternative to paid SSL certs. In this guide, Security Engineer @zuphzuph shows you how to set it up for Linux and Windows.
OSINT NumSpy: How To Find The Details of Any Mobile Number in India Learn how to find the details of any mobile phone number in India when conducting an OSINT operation, in the latest article by security researcher Sameer Bhatt.
CYBERSEC How To Setup Miners For Monero (XMR) Learn how to securely set up and operate a Monero miner to mitigate against cyber theft, with Alessandro Innocenzi.
CYBERSEC An XSS Road Trip (Journey Through The Web #1) Join us on a journey through the web, and an XSS roadtrip with Paul Dannewitz who gives us some good examples of XSS vulnerabilities that he found in the wild.
CYBERSEC My First Foray Into Software Reverse Engineering Security researcher Alessandro Innocenzi is dipping his toe into reverse engineering. Join him on his journey and find out what he learned.