In this write up, we’ll show you how to identify and exploit LFI Vulnerabilities. We will also discuss their impact and how to mitigate them with examples.
Exploit XSS Injections with a Powerful One-Line Technique
In this article, we’ll demonstrate practical methods for detecting and exploiting Cross-Site Scripting (XSS) injections. These techniques can be applied during source code security reviews to enhance speed and accuracy in your methodology, benefiting both security professionals and bug bounty hunters.
A primer on OS Command Injection Attacks
Join our Patreon Channel and Gain access to 70+ Exclusive Walkthrough Videos.Reading Time: 8 MinutesIntroduction Command Injection or OS command Injection is a category of injection vulnerabilities. It allows an attacker to execute arbitrary operating...
How to Exploit “improper error handling” in Web Applications
In this article we’ll discuss and demonstrate how improper error handling can be exploited in Web Applications. We’ll also discuss how various types of error handling can introduce various types of attack vectors.
Common and Uncommon types of SQL Injection
In this article, we’ll explain some of the most common and uncommon types of SQL Injection. We’ll also discuss how these attacks can impact your company and your customers, and show you the measures you need to take to mitigate and minimize such risks.
Google Dorking: Manual and Automated Methods for finding Hidden Information
In this article, we will showcase how to effectively use Google Dorking to uncover hidden and sensitive information on websites. Google Dorking enables security researchers to proactively discover and address potentially sensitive information that might not be intended for public access.
How Misconfigurations in Linux can leave you vulnerable to Attackers
Security misconfigurations in Linux systems occur when necessary security controls are not properly implemented for servers or web applications. In this article, we’ll emphasize the importance of detecting and addressing misconfigurations through practical examples and tools like Nmap and the Metasploit Framework.
How do QR Codes work and how criminal hackers use them to generate phishing attacks – Demo
In this article, we’ll explore the pervasive presence and potential risks associated with QR codes in daily life. We’ll discuss the ease with which malicious QR codes can be created, either manually or through specialized tools, allowing attackers to embed harmful payloads. A tutorial its included, emphasizing its role in creating various types of malicious QR codes for security testing purposes.
Red Team Tactics to uncover hidden Secrets on Websites
In this article, we’ll demonstrate red team tactics for uncovering hidden secrets on websites. Despite security layers that companies deploy, such as Cloudflare WAF and next-generation firewalls, attackers can exploit sensitive information embedded in code, such as API keys and tokens.