Explore the latest tools, techniques, and strategies used by ethical hackers to fortify defenses by thinking like an attacker. From pen-testing methodologies to exploit development and vulnerability analysis, we cover crucial topics to arm you with the knowledge needed to protect your systems. Our insights and practical guides aim to educate and inspire both beginners and seasoned professionals in the ever-evolving battle against cyber threats.
This article covers a post-incident OSINT investigation that linked a recent business email compromise back to an Australian carpet company, due to a DNS registration mishap by the attacker. Persistence and pivoting are key for investigators!
A bird's eye view of the Dark Web focused on the essentials. If the inner workings of the Dark Web remain a mystery to you, this post was made to change that.
This article demonstrates how an Azure VM can be configured as a Netcat reverse shell listener, detailing setup steps (opening ports, running nc), potential security risks, and mitigation strategies. It highlights detection methods via Azure logging and best practices to prevent misuse.
This lab's administration interface has an authentication bypass vulnerability, but it is impractical to exploit without knowledge of a custom HTTP header used by the front-end.
This lab leaks its source code via backup files in a hidden directory. To solve the lab, identify and submit the database password, which is hard-coded in the leaked source code.
This lab contains a debug page that discloses sensitive information about the application. To solve the lab, obtain and submit the SECRET_KEY environment variable.
This lab discloses sensitive information via its version control history. To solve the lab, obtain the password for the administrator user then log in and delete the user carlos.
This article details the findings of two studies that highlight how security vulnerabilities in publicly-accessible LLMs can present a threat to public security through the proliferation of malicious knowledge, guidance in committing illegal activities, and generation of malicious content.
This lab's verbose error messages reveal that it is using a vulnerable version of a third-party framework. To solve the lab, obtain and submit the version number of this framework.
