Safe Data Act: A New Privacy Law in the Town

Safe Data Act - let’s help you catch up on this new federal privacy law. Find out its key provisions for Americans and what businesses have to do to stay compliant.

How to make your contact form secure from Bots

Secure your contact form from bot attacks. Find the best ways to reduce and block contact form spam, which is otherwise frustrating and time-consuming to deal with.

Source Code Analysis and API Keys Exploitations

I was getting lots of requests and messages on WhatsApp, LinkedIn and Twitter about source code analysis and the exploitation of API keys, so I will share my approach and also some blogs and write-ups which you can refer to for a clear understanding.

Exploit Development 101 — Buffer Overflow Free Float FTP

Introduction to exploit development on Windows_x86_32. In this tutorial we’ll exploit a simple buffer overflow vulnerability, writing our own exploit from scratch; this will result in a shell giving us admin access to the machine we’ll attack.

Is Your Organization Handling Secrets Securely?

In this story, I will be discussing the issue of hardcoded secrets and the ways in which we can effectively resolve it.

SSRF: Web App Security Basics

Server-Side Request Forgery (SSRF) is a type of exploit where an attacker uses the server’s own functionality for their benefit, to access or manipulate information in the server’s network that would not be directly accessible to the attacker.

Exploiting fine-grained AWS IAM permissions for total cloud compromise

This is a real case study of how to enumerate and use IAM permissions to your advantage. I strongly suggest you read my previous article on how IAM permissions work. It’s long, but necessary to understand most of the things we did here.

Exploiting AWS IAM permissions for total cloud compromise: a real world example

In part 1 we compromised an account with multiple permissions, but no Administrator access. We found a potential role that would allow us to escalate privileges, following one of the methods in Rhinosecuritylab’s post. Briefly explained, we’ll try to create an instance and attach to it a privileged role at creation time.

AWS IAM explained for Red and Blue teams

When I started getting into AWS pentesting, one of the hardest things to fully understand was IAM. AWS documentation is usually great, but can be extensive, and IAM has a lot of similar terms. You have users, roles, groups, managed policies, inline policies, instance roles, etc… This article will try to shine some light on the subject, as well as some ways to enumerate this information with different tools.

How hackers steal your keys and secrets

After hunting for security bugs, I’ve realized clients I’m working with are not familiar enough (or at all) with basic “hacking” techniques. API keys, passwords, SSH encrypted keys, and certificates are all great mechanisms of protection, as long as they are kept secret.

Recipe for a successful phishing campaign (part 2/2)

In part 1 we saw general considerations you should keep in mind in order to start setting up your infrastructure, as well as technical steps to set up your domain with SPF and DKIM records. In this part we’ll get to a score of 10/10 and I’ll show you how to manage big campaigns, as well as 10 tips at the end to improve your reception percentage. We’ll also talk about SMTP relays and when you should use them.

Recipe for a successful phishing campaign

Having participated in multiple phishing campaigns over the years, both in offensive as well as defensive teams, I’ve learned from trial and error a lot of these things to pay attention to. This article will try to summarize them.

Blind UNION-based SQLi with Python

Blind UNION-based SQLi with Python. See how Python can beat Burp Suite in brute-forcing speed and boost your hacking efficiency.

An approach to detect DDoS attack with A.I.

An approach to detect DDoS attacks with A.I. This is a research experiment explaining how to detect DDoS attacks with machine learning, along with different aspects of data science.

XXE: Web App Security Basics

XXE, aka XML External Entity injection, is an attack against an application that accepts XML input, in which an attacker interferes with the application’s XML processing. A successful attack lets the attacker read files on the server and carry out many other attacks, such as path traversal, port scanning, denial of service, or even reaching internal machines that the application has access to (an SSRF attack). It is ranked as the 4th top attack in the OWASP Top 10 (2017).

Docker Security 101 — Hacking and Securing Docker Containers

Part 1 — Introduction to Docker & Running Applications as ROOT User. Dear Readers, in this blog series I will cover security issues related to Docker and how to protect against misconfigurations and attacks.

Combining Hadoop and MCollective for total network compromise

This is the story of how only two insecure configurations allowed us to take down an entire cloud-hosted company. It was a gray box pentest for a relatively big client, in which we were tasked with assessing the security of about 5 development endpoints, accessible only using a client certificate.

Playing With CrowdStrike Machine Learning Detection

Playing With CrowdStrike Machine Learning Detection. A review of CrowdStrike, a new-generation EDR.

Sensitive data exposure with Nuclei: The new big gun with exploit bullets

Hey my hacker buddies! I hope you are enjoying WFH (if you have it) / your bounty days! I have not been hunting a lot for a good couple of months, and that’s the reason I was not active on Medium.

Understanding Why Secrets Like API Keys Inside Git Are Such a Problem

Secrets like API keys or credentials in git repositories remain a widespread reality. How can you find secrets in git and prevent git leaks from happening?