Basically the title, wondering if this would be "safe". We're a SMB with about 150 endpoints and 10 servers. We've used So...
Continue reading on InfoSec Write-ups » http://dlvr.it/T0n2rj
The backend code of the edit profile feature is vulnerable to a Privilege Escalation attack. An attacker can manipulate the request to get a higher role ...
Greetings, everyone! Continue reading on Medium » http://dlvr.it/T0g7KS
This lab contains a blind SQL injection vulnerability. The application uses a tracking cookie for analytics, and performs a SQL query… Con...
Anyone have recommendations for upskilling in incident handling, threat detection, and threat hunting. I’m relatively new to cyber (about 2 ...
Local File Inclusion is an attack technique in which attackers trick a web application into executing or exposing files on a web server… C...
GraphQL has become an indispensable tool in the world of web development. In this post, we will explore what GraphQL is… ...
Hey folks: I have a dilemma that I would like to run by you all. Assuming you are an employee of a company, and the company have a SaaS pl...
Deep Dive into breaking applications and chaining vulnerabilities to hack complete infrastructures. Continue reading on Medium » http://...
@TCMSecurity recently announced a professional exam and certification titled: Continue reading on Medium » http://dlvr.it/T0VKJL
Wireshark: Network protocol analyzer. Continue reading on Medium » http://dlvr.it/T0RzxP
Burp Suite is a powerful tool for web application security testing. One of the key features of Burp Suite is its ability to extend its… Co...
Hello guys 👋 I’m back with another walkthrough, this time tackling on Brooklyn Nine Nine Lab from TryHackMe. Continue reading on Medium »...
In early November, we came across an open directory that included more than a year of historical threat actor activity. By analyzing tools, ...
Navigating the Complex World of Cybersecurity: Continue reading on Medium » http://dlvr.it/T0JbV2
Update to a previous thread: Same user was phished twice. Supposedly they don't like talking to the vendor in question and just follow...
TribeOne is committed to ensuring the security and stability of our platform. That is why, together with our first testnet launched on… Co...
I've been studying CVE-2023-45648 and trying to reproduce it on a vulnerable version of tomcat and failing. and the usual tools aren...
Server side template injection Continue reading on Medium » http://dlvr.it/T0Dczb
Introduction: Continue reading on Medium » http://dlvr.it/T0BkdM
Advanced Exploitation Techniques with Auth0 Credentials Continue reading on ProDefense » http://dlvr.it/T011F7
What are the most common dfir tools that you guys use to investigate an incident? I'm in a soc now, but would like to expand my skills into D...
Hello again! Continue reading on Medium » http://dlvr.it/Szyf4Q
In this article we will learn what HTTP request smuggling is and how to prevent them, we’ll also do some practical examples using burp… Co...
The price is on the can… I'm working on a project and I'm trying to get a sense of the sea of tools this project might be floatin...
Many of us frequently use websites on the internet. But are you sure the data you enter into… ...
Hi guys, Does anyone know how to observe the logs coming into a Linux device in a normalized form rather than in packets (Wireshark). The lo...
A Step-by-Step Guide based on my previous Experience Continue reading on Medium » http://dlvr.it/SzrhXV
Dragos Launches Program to Provide Water, Electric Utilities With Free Cybersecurity Tools The Wall Street Journal http://dlvr.it/Szn4tw
Hi Guys, DumpCrt is a Bash script designed to extract data from the crt.sh database. It provides an easy way to search for certificates ba...
So Guyzz I am Here to tell you How I found Admin Panel Access. Continue reading on Medium » http://dlvr.it/Szlf7w
Cybersecurity startup Klarytee raises £700k for encryption tools UKTN (UK Technology News) http://dlvr.it/SzkYlr
Hi guys! Hope everyone's doing well here! Disclaimer: I am a complete newbie to cybersecurity, in general. The question(s) that...
Continue reading on Medium » http://dlvr.it/Szj7Bb
We created an Intrusion Detection System using AI technology specifically designed for Windows. Our plan is to commercialize this research b...
Streamable Finance is now live! Continue reading on Medium » http://dlvr.it/Szfjhp
So I have taken the SANS 560, 660 and I have read documents for 760 and 770. I do annual pentests for my company and I do PT on the side ou...
In the vast expanse of the world’s oceans, where maritime activities fuel global trade, the integration of digital technologies has… Conti...
A look into the World of Bug Bounties: Skills, Challenges, and Big Wins Continue reading on Coded Tech Talk » http://dlvr.it/Szb94Q
Survey shows AI-powered cybersecurity tools adoption uncertainty Security Magazine http://dlvr.it/SzZ6wt
I think personally about how many different cloud apps, some through SSO and some not that I'm using across a single corporate identity ...
Why authorization flaws are trendy and easier to discover Continue reading on Medium » http://dlvr.it/SzXgmq
Efficient Techniques for Investigating Confidential Files and Documents Continue reading on OSINT TEAM » http://dlvr.it/SzV8YQ
Hi everyone, I work in a SOC and sometimes we need to check reputation/information on IPv6 addresses. It's not common but it happens o...
Hello, I’m Bijoy B, an enthusiastic cybersecurity researcher affiliated with RedTeam Hacker Academy. I take pride in being the youngest… C...
An active malware campaign is leveraging two zero-day vulnerabilities with remote code execution (RCE) functionality to rope routers and vid...
In my previous blog post, HackTheBox — Web Attacks: From XXE Injection to Local File Disclosure, I went over how to use XXE Injection to… ...
Free cybersecurity tools from pCloud help protect you from hacks 9to5Mac http://dlvr.it/SzMzZB
I’m a SOC Analyst in a mostly Windows environment. Most of what I have done so far with scripting involves gathering information on assets o...
Hi, I am a junior cyber security engineer. I have 1 year experience working as an intern. And have been working officially for 3 months now ...
Continue reading on Medium » http://dlvr.it/SzJyPl
I’ve seen multiple posts on this reddit thread asking about free tools. Those who don’t know CISA has a comprehensive list of free and recom...
Continue reading on Medium » http://dlvr.it/SzHBDx
Welcome to Day 18. Continue reading on Medium » http://dlvr.it/SzDsM1
In recent years, the cybersecurity landscape has seen a remarkable evolution, with bug bounty hunting emerging as a viable full-time… Cont...
I am seeking insights into how organizations manage administrative access for employees on their workstations. Specifically, I am interested...
Before we delve into the intriguing universe of Metasploit, it is crucial to emphasize the need to use these tools in an ethical and legal… ...
The 10 Hottest Cybersecurity Tools And Products Of 2023 CRN http://dlvr.it/Sz6zX3
Hello all, I am an L1 soc analyst with over 3 years of experience. I primarily work on IAM (Account, app provision) on prem AD and Okta. I...
Welcome to Day 15. Continue reading on Medium » http://dlvr.it/Sz5VdJ
Hi, I’ve been a general data scientist for almost 7 years and for a long time, my interest has been in cybersecurity but more specifically ...
Indicators of Compromise (IoCs) play a pivotal role in this process by serving as breadcrumbs left behind by malicious actors. Continue re...
For a part time job in cyber security, I recently took a test for the second round of interviews. These questions involved giving us securit...
Welcome to Day 13. Continue reading on Medium » http://dlvr.it/Sz1MJW
Greetings r/cybersecurity, Our security team started a new series of blogs called ransomware diaries which is focusing on similarities and...
WEB SECURITY ACADEMY LAB Continue reading on Medium » http://dlvr.it/SyzY6h
Hello everyone, in this article, I will share how I scaled from a self-redirect that redirected only to a link containing the host itself… ...
I'm a soc analyst and I've been tasked with reporting on the alerts our soc team is receiving. Our infosec team has an app called...
Have you ever heard of the Google Issue Tracker? Probably not, unless you’re a Google employee or a developer who recently reported bugs… ...
I have been working with Python a lot more at work and I wanted to know what people in use it for? I just use it currently to do some data...
Welcome to Day 9. Continue reading on Medium » http://dlvr.it/Syr85q
UK cybersecurity center says 'deepfakes' and other AI tools pose a threat to the next election ABC News http://dlvr.it/Syq7nr
Hello everyone! I've got a question, but first I'll start off with some background so it'll give context. I work as an help...
Welcome to Day 8. Continue reading on Medium » http://dlvr.it/SynhLQ
How do you test web application "file upload" feature that would: also take random input and tail logs (or exception or exit cod...
Welcome to Day 7. Continue reading on Medium » http://dlvr.it/SylLGl
Good day, I would like some advice from the community please. I have the job title of Cyber Security Analyst. I have been in the role for ...
No, it’s not about testing writing pens/pencils. It’s harder than that. Continue reading on Medium » http://dlvr.it/SyjgRr
So I just want to know far as leveling in the private sector, where can my skills as an ISSO/Tools SME take me. Currently have 6 years of vu...
Swisstronik: Continue reading on Medium » http://dlvr.it/SygtkC
Greetings, Welcome to Day 4. Continue reading on Medium » http://dlvr.it/SydNnH
Hi guys I am tasked with coming up with a structured way to manage and secure access to critical social media accounts (FB, IG, X and a fe...
Greetings, Welcome to Day 3. Continue reading on Medium » http://dlvr.it/SyZmm2
With ChatGPT's unveiling almost a year ago and their dev day yesterday, it's been a sizable amount of time that the generative AI pr...
Greetings, welcome to Day 2. Continue reading on Medium » http://dlvr.it/SyX7xv
I’m looking to implement Just In Time access to all our critical customer data applications and other resources that are more on the sensiti...
Continue reading on Medium » http://dlvr.it/SyTVSQ
From months I have been going through a lot of tools * Configuration/Mis Config Management tools for cloud - Internal Issues at high lev...
Greetings, my name is Wallotry. That’s my hacker name, of course. Continue reading on Medium » http://dlvr.it/SyQvpn
In the name of God Continue reading on InfoSec Write-ups » http://dlvr.it/SyMHrH