Jay Tillu · jaytillu.in · Mar 2, 2024
What is the TCP/IP Model?
Have you ever wondered how your computer talks to other computers across the vast expanse of the internet? It all boils down to a clever system called the TCP/IP model, the unsung hero behind every website you visit, email you send, and video you str...
Networking · #cybersecurity

TutorialBoy for TUTORIALBOY · tutorialboy24.hashnode.dev · Feb 21, 2024
Analysis of Glibc privilege escalation vulnerability "Looney Tunables" (CVE-2023-4911)
Recently, the Threat Research Unit of Qualys Company disclosed a Glibc vulnerability. The Glibc library has a buffer overflow vulnerability when processing environment variables, which can lead to local privilege escalation. This vulnerability affect...
#cybersecurity

Pranav Shikarpur for Pangea Blog · pangea.cloud · Feb 5, 2024
A Guide to Choosing a Secure Vault for Your Application Secrets and Keys
So you’ve decided to throw away those .env files with all your app secrets and move to a more secure option. Well first off, congratulations 🎉, you’re on your way to evading cyber attacks involving exposed secrets! Vault Considerations 🧐 While choo...
27 reads · Vault

Rizwan Syed for BreachForce · breachforce.net · Jan 14, 2024
Scrape Cloud for SSL/TLS Certificate
Crafting a thorough reconnaissance strategy involves harnessing SSL/TLS certificate data from the internet to empower Bug Bounty Hunters, Pentesters, Red Teamers, and Blue Teamers. Through systematic web scraping of SSL/TLS certificates and structuri...
82 reads · Recon 3000: Navigating Advanced Recon Techniques · cloudrecon

Keith Casey for Pangea Blog · pangea.cloud · Jan 2, 2024
Using IPs, Domains, and Geolocation to secure your Authentication
When I say “secure authentication,” what comes to mind? You probably think of SSL, password policies, and MFA. Those are a good starting point but what if we could look into the authentication request itself? What if we could use that request context...
48 reads · authentication

Blessing Mufaro Kashava · thecyberstash.hashnode.dev · Dec 27, 2023
Interpreting technical cybersecurity jargon to stakeholders.
Introduction As the world continually embraces dynamic technological advancements, it also stands to face cybersecurity challenges associated with IT-based systems. The digital space encompasses a vast array of sectors including, but not limited to, ...
51 reads · Cybersecurity Insight · #cybersecurity

Neviar Rawlinson · neviarrawlinson.hashnode.dev · Dec 24, 2023
3-Month Roadmap to Launch Your Cybersecurity Career with No Prior Experience
Embarking on a cybersecurity career without prior experience might seem like a daunting task, but with dedication and a well-structured roadmap, you can make significant strides in just three months. This article outlines a step-by-step plan to help ...
10 likes · #cybersecurity

shafique wasta for BreachForce · breachforce.net · Dec 10, 2023
Data Exfiltration Via Text Storage
Scenarios Introduction During red team activities, there may be instances where you encounter limitations on downloading and uploading from your laptop due to the presence of web proxies and Data Loss Prevention (DLP) measures. At times, DLP systems ...
1 like · 75 reads · Assumed Breach Odyssey: Red Team Unleashed · DLP-Bypass

1NF1N17YX · cyberpulsesecurity.hashnode.dev · Dec 10, 2023
SQL Injection
Brief SQL Injection, commonly known as SQLi, involves executing malicious queries on a web application database server. When a web application fails to validate user input before interacting with the database, it becomes vulnerable to attackers who m...
TryHackMe · Web Development

1NF1N17YX · cyberpulsesecurity.hashnode.dev · Dec 10, 2023
Command Injection
Introduction (What is Command Injection?) In this section, we'll explore the web vulnerability known as command injection. We'll learn about its nature, understand its impact, and the risks it poses to applications. Subsequently, you'll have the oppo...
TryHackMe · Web Development