AppSec… Setting Up A Snort IDS on Debian Linux 24 May 2018 Malicious network traffic (such as worms, hacking attempts, etc.) has certain patterns to it. You could monitor your network traffic with a sniffer and look for this malicious traffic manually…
AppSec… Password cracking with John the Ripper 24 May 201824 May 2018 Introduction For those of you who haven't yet heard about John the Ripper (hereby called John for brevity), it is a free password cracking tool written mostly in C. Before…
#career… Hackers Handbook In PDF Format – Full 5 Apr 20185 Apr 2018 Whether you are a security professional, student or just curious about application security, there is an amazing resource online that you can read and is an essential tool in the…
AppSec… Spamming Facebook Messages 3 Jan 201811 Apr 2018 We have reported this bug to Facebook and they replied asking "How is this different than hitting the message button?" If you want to spam everyone in the World that…
#career… Security and Linux 30 Nov 201730 Nov 2017 As Linux users we have some inherent advantages over our fellow Windows users when it comes to security (or lack there of). Hackers, rather like gamblers, use the laws of…
AppSec… OWASP – A2 – Broken Authentication and Session Management – LSB 24 Nov 2017 Threat Agents Consider anonymous external attackers, as well as users with their own accounts, who may attempt to steal accounts from others. Also consider insiders wanting to disguise their actions.…
AppSec… Exploiting CSRF under NoScript Conditions 22 Nov 201722 Nov 2017 CSRFs -- or Cross-Site Request Forgery vulnerabilities -- occur when a server accepts requests that can be “spoofed” from a site running on a different domain. The attack goes something like this:…
AppSec… A Guide to Not Getting Hacked 20 Nov 201720 Nov 2017 Do you want to stop criminals from getting into your Gmail or Facebook account? Are you worried about the cops spying on you? We have all the answers on how…
AppSec… On Web Extensions shortcomings and their impact on add-on security 12 Nov 201712 Nov 2017 Recently, I reported a security issue in the new Firefox Screenshots feature (fixed in Firefox 56). This issue is remarkable for a number of reasons. First of all, the vulnerable code was…
AppSec… OWASP Security Shepherd – Security Misconfiguration – Solution – LSB 2 Nov 20173 Nov 2017 Welcome back to another OWASP Security Shepherd solution. This challenge is called Security Misconfiguration. So we are given a Username and Password field and we can get the result key…
AppSec… you.dj Unlock The Sampler 30 Oct 201730 Oct 2017 If you've ever used the DJ application you.dj as a normal user you will have used the sampler to add various sounds to your mixes. But as a normal user…
AppSec… Owasp Security Shepherd – Poor Data Validation – Solution – LSB 8 Sep 20172 Nov 2017 Welcome hackers to a new OWASP Security Shepherd solution. The challenge in question is the Poor Data Validation and this happens when data is only checked on the client side.…
AppSec… How to Hijack Web Browsers Using BeEF 28 Aug 20177 Nov 2017 Welcome back my fellow hackers! Today we’re going to be introducing a new tool for hacking web browsers. Often times, we will need to exploit a variety of vulnerabilities associated…
AppSec… Installing Security Shepherd on VMWare Workstation 12 Player 21 Aug 20172 Nov 2017 In this post we will install Security Shepherd. A vulnerable web app for us to hack. You can download the ISO image here. Once you download the software, depackage it,…
AppSec… Security Shepherd Solutions 20 Aug 201728 Aug 2017 The OWASP Security Shepherd project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic.…
AppSec… How to install WebGoat on Ubuntu 27 Apr 201727 Apr 2017 WebGoat is a deliberately insecure, Java web application designed for the sole purpose of teaching web application security lessons. The officially-stated aim is to enable developers to “test vulnerabilities commonly…
