I’ve seen lot of social engineering / phishing campaigns that try to trick you to go some unsavory places, but rarely do they look convincing. So lets see how can we trick people into clicking on that link. https://[email protected] Now if you click the above link using Firefox browser – you will get a notification…
Have you ever wondered why a website you visit can’t access your cookies or session data from other sites you have open, like Facebook or Instagram? That’s thanks to the Same-Origin Policy. This policy restricts how one website can interact with resources from another website in your browser, ensuring your data remains secure and private.…
Content Security Policy (CSP) is one powerful setting that helps to defend your website. It particularly defends your site from vulnerabilities such as Cross-Site Scripting (XSS) and data injection attacks. It works by defining which sources of content are allowed to be loaded and executed on your web pages. How CSP Works CSP is implemented…
Rarely talked about, this is an interesting vulnerability. In 2012, GitHub faced a significant Mass Assignment vulnerability. An attacker discovered that GitHub’s enterprise system allowed users to set arbitrary parameters, including the admin flag, during account creation. The attacker exploited this by including the admin parameter in the account registration request, granting themselves administrative privileges.…
HTTP Request Smuggling occurs when an attacker exploits inconsistencies in how different web servers handle multiple HTTP requests sent in a single packet. This can lead to various types of attacks, including: HTTP Request Smuggling typically exploits the difference in interpretation of Content-Length and Transfer-Encoding headers between two servers. By carefully crafting HTTP requests, attackers…
When it comes to attacking web servers without any initial access, there are more ways than one may think of. Lets start from the most common and go from there: 1. Web Application Vulnerabilities Issues within the application itself can be exploited remotely to possibly gain control or access backend systems. Vulnerabilities such as SQL…
In the shadowy corners of the cybersecurity world, there thrived a hacker known for his unique blend of digital prowess and physical stealth. This hacker, who went by the alias “Cipher,” specialized in an often-overlooked aspect of security: physical penetration testing. Cipher’s job was to break into buildings, not just networks, to expose vulnerabilities in…
As the final bell rang, signaling the end of another mundane school day, Alex trudged out of the classroom, his backpack slung over his shoulder. The autumn sun cast long shadows across the schoolyard as he made his way home, kicking at stray leaves that littered the sidewalk. Chapter 1: A Routine Day Despite the…
We are going to delve deeper uncovering the hidden patterns in passwords. First of all, we need password datasets / breached lists of once hacked passwords. For our part 2 we will analyze the common password collections from known breaches that can be found in ‘seclists’ libraries. For the purpose of this article I wrote…
In the digital age, passwords serve as the gatekeepers to our virtual lives, safeguarding everything from personal correspondence to financial information. This article provides a detailed exploration of password patterns, incorporating extensive statistics, examples, and insights to paint a full picture of current trends and their implications for security. This is the part 1 of…
