Ok everyone, I hope you have enjoyed this series thus far. We have been moving right through some Cyber Threat Intelligence (CTI) concepts and we have covered a lot of ground thus far. Now I think it is important to talk about one of the main components of CTI – Tactics, Techniques, and Procedures (TTP) […]
Hey, this is actually my 1st HTB box write-up as well as box. It is actually an easy marked box. After completing some easy boxes, I will move to those boxes which actually are relevant to writing pentesting reports. Actually, I was ready to make a pentesting report in this room, but this room is
Horror stories always begin with “it was a dark and stormy night,” with scary imagery meant to spark the imagination. Unfortunately for the client calling us on the day before Thanksgiving, this is not a tale written by Bram Stoker or the Brothers Grimm. It was November 27th, 2019, and we were all getting ready
Real world: IR Story: No Turkey for you!! Read More »
The contenders: Bitwarden Keeper security 1Password References: Website. Bitwarden Keeper Security 1Password Pcmag review. Bitwarden Keeper security 1Password BitWarden Website: https://bitwarden.com/ Price: $3 per user/month Compatibility: Windows, Mac, Linux, android, iOS Browser extension: Yes Password Sharing: Yes Open-Source: Yes Import Passwords: Yes Encryption: end-to-end AES-256 bit encryption, salted hashing, and PBKDF2 SHA-256. Features: Built-in File
Choosing a Password Manager Read More »
DISCLAIMER:The content you are about to access is for educational purposes and research aims. I am not responsible for your action, when you are “proxied” Okay, HAHA!!, Let’s Roll What is a Proxy Chain? Proxy: Imagine you are being pursued, during that pursuit, you get really exhausted and want to take a break but you
Setting Up Proxy Chains In Kali Linux Read More »
Hello, Friend! Metasploit has been the holy grail of security tools for some years now. It can be used by almost anyone, whether you’re a script kiddie or an expert. That’s why I will be going through a walkthrough today to show you the full exploitation process on Metasploit. This walkthrough is heavily influenced by
METASPLOIT For Beginners Read More »
Linux CLI Training Wheels Welcome to my first article ever, on anything! This article is going to cover the basic raw commands to get you moving around the FHS ( File Hierarchical System) that all Linux OS function under. From one beginner to another, learning the Linux file system can be ridiculously overwhelming and push
LINUX CLI TRAINING WHEELS Read More »
Overview from OWASP reference What are injection-based vulnerabilities? Almost any source of data can be an injection vector, environment variables, parameters, external and internal web services, and all types of users. Injection flaws occur when an attacker can send hostile data to an interpreter. Injection flaws are very prevalent, particularly in legacy code. Injection vulnerabilities
What makes the OWASP top 10 so important? Due to the importance of Application Security in reducing overall IT risk, the OWASP Top 10 has been adopted or referenced by a large number of government agencies, industry standards bodies, and prominent companies such as Microsoft, PCI Security Standards Council, Citibank, NIST, and others. These organizations
Owasp top 10 – 2020 Read More »
This guide is designed to give the most accurate methodology for detecting and vulnerability scanning WordPress sites in mass. I have broken this guide into it’s three main categories so you can easily reproduce it. Identification This is the most crucial part of this methodology, before I made this document I noticed some discrepancies within
Method for Detecting & Validating WordPress sites. Read More »