Rushikesh Patil · offensivebytes.com · May 7, 2024
Breaking Point: How Browser Breakpoints Can Unmask Encryption and Compromise Security
Introduction: Have you ever explored the depth of tools available within your browser's developer console? Among these tools, breakpoints stand out as a powerful feature for debugging, but they also unveil significant insights into a web application'...
1 like · 314 reads · offensive-security

Rushikesh Patil · offensivebytes.com · May 5, 2024
Peeling Back the Layers: Unmasking Hidden Secrets in JavaScript Code
Hey there! Today, let's go on a little adventure into the world of website secrets. Imagine this: if you add ?_debug=1 to the end of a JavaScript (.js) page's address, it's like unlocking a hidden door. We'll explore a cool security trick that makes a...
bugbounty

Rushikesh Patil · offensivebytes.com · May 5, 2024
Exploiting Exposed Encryption Keys in Web Applications
Introduction: During a recent penetration testing engagement, I identified a critical security issue: exposed encryption keys in a web application's client-side JavaScript. This vulnerability is particularly severe as it enables attackers to decrypt ...
32 reads · offensive-security

Matt Biedronski · blog.gonskicyber.com · Feb 29, 2024
CVE-2023-5830: Critical Security Vulnerability in ColumbiaSoft Document Locator
Disclaimer: This information is being published for educational purposes only Background With the help of my colleague @micahvandeusen, in the late-summer of 2022 we identified and exploited a critical security vulnerability present within ColumbiaS...
222 reads · cve-2023-5830

eternalkyu · eternalkyu.com · Feb 10, 2024
Modern Initial Access and Evasion Tactics - 2024 Review
Mariusz Banach's (mgeeky) 'Modern Initial Access and Evasion Tactics' course was the first training I took this year. Here is my review, written from the perspective of an experienced web developer. As soon as I decided to switch my career entirely t...
195 reads · offensive-security

Matt Biedronski · blog.gonskicyber.com · Jan 23, 2024
Efficient Penetration Testing: A Guide to Tool Installation
In this blog I aim to cover some of the methods I use as a penetration tester to install and manage tools that I use during my testing. The goal here is to provide a basic explanation of tool management I wish I had when I was starting out. Please ...
890 reads · pentesting

Nee · 4pfsec.com · Dec 23, 2023
OSEP - Advanced Evasion Techniques and Breaching Defenses - Review (2023)
Introduction For the last three months, I've been working through the PEN300 course by OffSec which is all about advanced evasion and breaching defenses. Just got news from OffSec that I passed the 48-hour exam, and I wanted to share how I got the OS...
1 like · 503 reads · #cybersecurity

prabhudarshan samal · cybercruxprabhu.hashnode.dev · Dec 20, 2023
Basic pen-testing vulnhub machine 2 Hacking
By Prabhudarshan Samal This article is about a well-illustrated write-up based on hacking activities in an educational temperament and non-abusive intent. The techniques and resources provided by the article are totally intended for educational purpo...
pentesting

shafique wasta for BreachForce · breachforce.net · Dec 10, 2023
Data Exfiltration Via Text Storage
Scenarios Introduction During red team activities, there may be instances where you encounter limitations on downloading and uploading from your laptop due to the presence of web proxies and Data Loss Prevention (DLP) measures. At times, DLP systems ...
1 like · 95 reads · Series: Assumed Breach Odyssey: Red Team Unleashed · DLP-Bypass

Rushikesh Patil for BreachForce · breachforce.net · Dec 8, 2023
Red Teaming: The Art of Active Directory Enumeration
Introduction: In the ever-evolving landscape of cybersecurity, red teaming has emerged as a pivotal practice for organizations seeking to fortify their defenses against potential threats. Among the arsenal of techniques employed during red team asse...
2 likes · 241 reads · Series: Assumed Breach Odyssey: Red Team Unleashed · redteaming