In this section, we’ll explain HTTP request smuggling attacks and describe how common request smuggling vulnerabilities can arise. HTTP request smuggling is...

Structure of a Web Application Web applications are complex systems comprising several components working together to deliver a seamless user experience. At...

INTRODUCTION This tryhackme room involve fundamental learning of Recon , Web application attack and privilege escalation techniques Click the “Join Roo...

Introduction TryHackMe’s MD2PDF room puts players in the position of discovering and taking advantage of security holes in the MD2PDF program in order to...

We’re focused on… Whether quantum-resistant cryptography is developing fast enough to mitigate the crypto-cracking power of quantum computing. Why? Bec...

Recently, Microsoft announced their new AI Recall feature that will be enabled on a new hardware generation called Copilot+ PC. I won’t bore you with the...

When authenticating into a Domain Controller using the Kerberos protocol, especially during a CTF, we’ve all encountered the infamous Kerberos Clock Skew er...

We’re focused on… Why being a mentor has benefits not just for the mentee, but for the person doing the mentoring too. Why? Because we asked Paulino Ca...

We’re focused on… The importance of continuous security to help an organisation stay ahead of threats, act on vulnerabilities, and enable peace of mind fo...

At Black Hat MEA 2023, Mohamed Samy (Senior Information Security Consultant at IOActive) introduced Project C-Shell – a unique infrastructure that integrat...

Black Hat speaker Imran Parray (Founder and CEO at Snapsec) launched his career by reporting thousands of security vulnerabilities to companies via their s...

API recon To start API testing, you first need to find out as much information about the API as possible, to discover its attack surface. To begin, you s...

Server-side parameter pollution Some systems contain internal APIs that aren’t directly accessible from the internet. Server-side parameter pollution occu...

Before you start reading this post I’d like to point out that this is not a practical technique, no sane person would manually hunt for DPAPI blobs and d...

In a decisive effort to protect national security and maintain the integrity of its information and communication technology infrastructure, the United Sta...

Understanding Supply Chain Cyberattacks A supply chain cyberattack targets third-party vendors within an organization’s supply chain. Historically, these a...

“If you can’t decipher our data, then why are you here?” This is a common reaction when our team arrives. Now, let me explain everything while covering:...