A cloning attack refers to a type of threat in which a trusted resource is copied and used by an attacker. The cloned … [Read More...]

Learn ethical hacking, penetration testing, cyber security, and the best security and web penetration testing techniques from the best ethical hackers in the security field.
This post covers the following areas of CVE-2021-40444 Microsoft MSHTML Remote Code Execution … [Read More...]
Introduction DevSecOps is the process of integrating security into development and operations. It emphasizes that security is a shared responsibility throughout the entire product development life cycle. DevSecOps represents a culture where we strive to build products faster and safer, and where we detect and respond to security findings early in the process rather than reactively. DevSecOps What is DevSecOps? Practically, DevSecOps is the art of integrating the 3 pillars of the software development life cycle: Development, Security, Operations. To achieve this we … [Read More...]
The internet has transformed how we interact with various industries worldwide and changed how we do things. We can now do many things online, from banking to shopping and even medical appointments. While the advent of the internet has brought about some welcomed change, it’s also created issues, particularly around cybersecurity and privacy for its users. Thanks to the pandemic, companies and organizations worldwide have demanded better connectivity as more people work from home. However, in 2021, cybercrime skyrocketed. According to Check Point Research, organizations surveyed in their 2021 study were … [Read More...]
A cloning attack refers to a type of threat in which a trusted resource is copied and used by an attacker. The cloned resource might be a cryptographically signed email, social media account, or any content that boosts trust in the attacker using a stolen reputation. For example, we could copy the content of a popular social media page on a new account using a similar username. Because we pose as the original page, how would anyone know that we're not the original account? Twitter protects against cloning like this with its coveted Blue Checkmark feature for verified accounts, and we'll explore other … [Read More...]
What are Business Logic Vulnerabilities? In today's world, where hackers are becoming more sophisticated with each passing day, penetration testers must not rely on automated scanners alone to identify application flaws. Testers now need to grasp the deep concepts on which the application is based, because that is how we can insulate our apps against business logic flaws. How do these arise? Business Logic Vulnerabilities arise when developers do not truly understand the application's users and just try to build the application's functionality. As a result, … [Read More...]
Credentials Stealing Ever wondered how your credentials can be stolen from SSO (Single Sign-On)? How can a legit-looking Windows popup steal your credentials? Phishing has been around for many years. Attackers have used many techniques to lure victims into their traps and gather their credentials. These techniques include social engineering, fake emails, campaigns, messages, websites, etc. There have been many detection mechanisms to protect users from common and/or suspected phishing attempts. But a new technique called Browser In The Browser (BITB) Attack has taken over the internet with its unique … [Read More...]