RouterSpace is an easy-level machine and is beginner-friendly enough for anyone to start with. Unlike usual boxes, it … [Read More...]
Featured Articles
GitLab File Read RCE
In 2020, a critical vulnerability was found in the GitLab server. An issue discovered in GitLab CE/EE (Community … [Read More...]
Remote Code Execution
We create our own sample server application and explain how to use Remote Code Execution (RCE). Remote Code Execution is … [Read More...]
Editorial Picks
Latest Blog Updates
How to Write Yara Rules for Malware Detection?
Cyber Threat Hunting (CTI) is a proactive approach used to find malicious and suspicious activities in networks and endpoint devices. It includes the detection and classification of malware in target systems. Malware detection techniques can be classified into the following categories: signature-based detection, behavior-based detection, anomaly-based detection, and statistical-based detection. Among these categories, the signature-based approach is the most common and a relatively fast detection technique. The signature-based malware detection process requires some information about the malicious code to be … [Read More...]
CVE-2021-40444 Microsoft MSHTML Remote Code Execution Exploit
This post covers the following areas of CVE-2021-40444 Microsoft MSHTML Remote Code Execution Exploit: About, Working, Requirements, Exploit, Getting Reverse Shell, Gaining Access to Systems through Phishing. About: This vulnerability, named CVE-2021-40444 Microsoft MSHTML Remote Code Execution Exploit, was disclosed by Microsoft on 7 September 2021 and was being used widely by APTs and other threat actors through Microsoft Word documents. It is a Remote Code Execution vulnerability in MSHTML (Microsoft’s proprietary browser engine for Internet Explorer). The attackers target the ActiveX that hosts the browser … [Read More...]
Bypassing Firewalls with Server Side Request Forgery
Server-Side Request Forgery (SSRF) means a server makes requests for us even though it shouldn't. You can exploit SSRF in various ways. You can proxy requests through the vulnerable server. Or maybe requests from the server are "trusted" to access some sensitive resource, as bug bounty hunters love to do. SSRF allows attackers to make requests from the server (source). Or you try to access internal network resources from a local IP, thus bypassing the firewall, which is what we'll look at in this article. Show me the code: If you're a pentester, you likely prefer hands-on, DIY demonstration to theory. … [Read More...]
Quantum Computing - A Threat to Future Cybersecurity?
The current cybersecurity architecture is based on cryptographic algorithms implemented all over the world. Authentication, digital signatures, encryption, electronic transactions, time-stamping, and secure network communication are a few examples of everyday security implementations that are based on cryptography. The success of these cryptographic measures is dependent on the computational complexity of the cryptographic protocols. For instance, the Advanced Encryption Standard (AES) used in symmetric cryptography has a key length of 128 (AES-128), 192 (AES-192), and 256 (AES-256) bits. If an attacker … [Read More...]
How to defeat modern Captchas
We all know what it's like - you need to log in to a site, so you have to select the motorboats from a bunch of tiny pictures. Modern Captcha systems like hCaptcha, FunCaptcha, and Google's ReCAPTCHA have come a long way since the old days of squiggly text. But what tools are available to pentesters who need to defeat Captcha programmatically as part of a job? Classic CAPTCHA with Okta: OCR (Ocular Character Recognition) algorithms quickly defeated even the most advanced classic Captchas. Admins tried to protect their forums from the deluge of spam. They made the characters even harder to read, but this was … [Read More...]