HackDig : Dig high-quality web security articles

RootMe CTF: TryHackMe A Beginner’s Guide to Capture the flag

In this blog, you will learn how to hack the RootMe machine from TryHackMe. So let’s jump straight to TryHackMe and deploy the machine. Here is the link for the machine: https://www.tryhackme.com/room/rrootme TASK-1: Deploy the Machine Start the machine. 1. Deploy the machine – No answer needed. TASK-2: Reconnaissance Reconnaissan
Publish At:2021-04-09 09:42 | Read:86 | Comments:0 | Tags:Knowledge-base cybersecurity cybersecurity training rootme C

Run Interface for Account takeover vulnerability fraud detection

Account takeover vulnerability fraud is a type of ‘identity fraud’ where a malicious outsider gains access to a client’s account credentials. By acting as the legitimate user, hackers can change the details of the accounts, send phishing emails, steal financial data or any other sensitive information, or utilize any of the stolen data t
Publish At:2021-04-07 07:03 | Read:58 | Comments:0 | Tags:Account takeover vulnerability Knowledge-base Account takeov

PowerShell for Pentest- Examples of Commands, Scripts for Pentesters

Over the last decade, PowerShell has come to be used to do everything on a Windows platform, and we as pentesters can also utilize it as a powerful post-exploitation “tool/language” that can give us so much power and a very big attack surface/possibility. It can also be leveraged to run “file-less” malware, which are non-binary files that can’t easily be detected
Publish At:2021-03-23 11:49 | Read:70 | Comments:0 | Tags:Knowledge-base Penetration Testing powershell powershell com

Cyber Security Webinar CISO 2021: The Unveiling of API Security Myths

Get free Registration for the API cyber security webinar on Wednesday, March 31st, 2020, at 7:00 pm IST. Presented by Mr. Satyam Gothi. This cyber security webinar is designed for security professionals, network administrators, CIOs, CTOs, and CISOs. Both technology management professionals and mid-level IT professionals will gain more insights on ch
Publish At:2021-03-23 11:49 | Read:115 | Comments:0 | Tags:API Security Knowledge-base Webinar cybersecurity ciso Webin

OSINT tools, much more than Open Source and Intelligence – Part I

OSINT is the combination of OS (Open-Source) and INT (Intelligence), or information. OSINT is quite a crucial element in keeping tabs on the information chaos. When you talk with a hacker, his friend will be OSINT, because intelligence, or information as we put it, makes a hacker’s job easy. OSINT and OSINT tools can prove to be the best initial approac
Publish At:2021-03-17 03:25 | Read:210 | Comments:0 | Tags:IoT Security Knowledge-base Penetration Testing osint osint

Web Application Security Automation is of Utmost Importance in 2021

In these modern times, with almost everything going “Online”, Cyber Security is of prime importance in 2021. Along with that, the fast-paced nature of everything around us creates the need to do as much as possible automatically, with no or just minimal human interaction. And that holds true for any Organization’s Security posture as w
Publish At:2021-03-09 04:37 | Read:254 | Comments:0 | Tags:Knowledge-base Web Application Security Windows Application

Exploiting the XML External Entity Injection XXE Attack Vulnerability

Hey people, in this blog we will see what XXE injection is, show some basic example attacks, and lastly sum up this post with techniques to prevent the XML External Entity vulnerability. XML External Entity (XXE) is technically a vulnerability that permits the hacker to find or view the data from the internal file systems of the application server and
Publish At:2021-02-24 08:31 | Read:416 | Comments:0 | Tags:Knowledge-base XML External Entity xxe attack Vulnerability

Cybercrimes Prevention: International Cybersecurity Laws & implications

Is your business framework 100% prepared to confront the severest cybercrimes or cyber-attacks and mitigate the danger of potential data breaches? If you are uncertain about your cybersecurity structure, it’s time to update it. Otherwise, you could be at risk of long fights in court that bring about heavy fines
Publish At:2021-02-18 04:19 | Read:422 | Comments:0 | Tags:Knowledge-base News cyberattack Cybercrimes Cybercrimes Prev

OWASP IoT Top 10 Series: Weak or Hardcoded Password Policy OWASP

In the last blog we explored an overview of the OWASP IoT Top 10 vulnerabilities; now we will explore the impact of each of these OWASP vulnerabilities on IoT technologies and product development. Today we will explore the oldest and most common mistake, which is a weak password configuration in these smart internet-connected devices. When it comes to findin
Publish At:2021-02-15 01:55 | Read:360 | Comments:0 | Tags:IoT Security Knowledge-base OWASP owasp IOT top 10 OWASP Top

Web Cache Poisoning – A Modern Methodology of Attacking Large User-Base

In this modern digital world, especially in the era of Work From Home (WFH), it is essential that the web applications we use on a daily basis be available to their users with quick request-response times. There are many ways to achieve this, but we are going to focus on Caching and Web Cache Poisoning. Many web applications make use of Web Serv
Publish At:2021-02-03 09:25 | Read:397 | Comments:0 | Tags:Knowledge-base News Cache attack Web Cache Poisoning Web Cac

Secure Coding Practices 2021: Mobile Applications With Mobile Vulnerabilities

Improper platform usage is the major vulnerability of mobile applications. This vulnerability categorizes all the misuse or improper usage of any given functionality or a security feature in the mobile. This could include a misconfigured Android Intent which will leak users’ sensitive data or accept requests from other applications. It may also include
Publish At:2021-01-14 09:25 | Read:365 | Comments:0 | Tags:Knowledge-base secure coding guidelines secure coding practi

Becoming a Chief Information Security Officer CISO Under the Expert’s Advice

The international cybersecurity market is developing rapidly and reaching new heights. Market researchers believe spending within this domain will reach almost $134 billion by the year 2022. The sector also employs a total of 1,000,000 people in only one fourth of the world. There is presently a ro
Publish At:2020-11-30 09:25 | Read:510 | Comments:0 | Tags:Knowledge-base Chief Information Security Officer Duties and

SQL Injection Attack And Exploiting SQL Injection Part – 2

In the previous blog, we understood the extreme basics of SQL Injection. In this one, we are going to look at some high-level possibilities of a SQL Injection attack. SQL Injection is one of the most common vulnerabilities encountered on the web and can also be one of the most dangerous. Attackers can inject malicious SQL code in order to extract sensitive i
Publish At:2020-11-18 08:49 | Read:776 | Comments:0 | Tags:Knowledge-base SQL Injection Website Security DNS based exfi

SQL Injection And Exploiting SQL Injection Part – 1

Injection. What is Injection? Injection in simple terms means supplying an untrusted input to the application. This untrusted input then gets interpreted by the interpreter, which considers it a part of a command or a query. This modifies the execution of the program. An injection could cause data loss, loss of integrity, denial of service as well as entire sys
Publish At:2020-10-28 17:30 | Read:735 | Comments:0 | Tags:Knowledge-base SecureLayer7 Lab Security Advisory SQL Inject

Top Security Practices To Make Agile Development More Agile

Software development teams have changed significantly to adapt to the ever-evolving software markets. The always competitive market has particularly pushed firms to adopt agile development approaches to stay relevant. Agile software development is an approach to develop software programs of higher quality,
Publish At:2020-10-09 09:48 | Read:708 | Comments:0 | Tags:Knowledge-base Software Security Web Application Security Ag