HackDig : Dig high-quality web security articles for hacker

PentesterLab Pro Giveaway

We are excited to announce that we will be giving away 200 one-month subscriptions to PentesterLab Pro. During these challenging times, we hope that you will be able to use this learning resource to improve your web application testing skills. PentesterLab Pro is a leading industry tool designed to make learning web hacking easier. Using hands-on exe
Publish At:2020-04-04 14:45 | Read:113 | Comments:0 | Tags:Penetration Testing Security Testing & Analysis

Tricks for Weaponizing XSS

In this blog post, we will look at some simple JavaScript tricks for creating weaponized cross-site scripting (XSS) payloads. If less reading more videoing is your thing, watch this topic in webinar form here: https://www.trustedsec.com/events/webinar-popping-shells-instead-of-alert-boxes-weaponizing-xss-for-fun-and-profit/ Often, penetration testers
Publish At:2020-03-30 11:22 | Read:113 | Comments:0 | Tags:Application Security Assessment Penetration Testing Xss

Securing a Remote Workforce: Top Five Things to Focus on For Everyone

Deploying a remote workforce is uncharted territory for some organizations, while others have been perfecting the model for years. Most security programs have different ways to handle their workforce. For on-premise users, which has traditionally used more of a castle mentality where you attempt to prevent outsiders from penetrating the network perimeter (simi
Publish At:2020-03-25 09:59 | Read:106 | Comments:0 | Tags:Business Risk Assessment Managed Services Operational Perfor

7 Spring Cleaning Tasks to Improve Data Security

This year, March 19 ushered in spring in the Northern Hemisphere — the first time since 1896 that the season has started so early. So why not take advantage of the season’s early arrival to do some spring cleaning, not only of your physical space, but of your data and systems, too? Digital spring cleaning can make your life easier and dramatically impr
Publish At:2020-03-20 10:40 | Read:227 | Comments:0 | Tags:Data Protection Mobile Security Application Security Cloud C

Upgrade Your Workflow, Part 2: Building Phishing Checklists

Continuing on the idea of creating checklists, (see previous blog about OSINT checklists), I wanted to share my personal phishing checklist. This list is what I use to make sure I have covered all my bases before firing the email. Some of these items may or may not be used, depending on your pretext. TLDR: Checklist at the end of the post Target Verifi
Publish At:2020-03-19 17:26 | Read:184 | Comments:0 | Tags:Application Security Assessment Penetration Testing Security

Upgrade Your Workflow, Part 1: Building OSINT Checklists

With so many new cool techniques and tools being released every day, I’ve caught myself going down rabbit holes or chasing false leads during engagements. Sometimes I’ll get so bogged down with tunnel-vision that I make OpSec mistakes or delay an entire testing objective. At best, this could result in my attacks being discovered, resulting in wasted time, or
Publish At:2020-03-17 09:55 | Read:155 | Comments:0 | Tags:Application Security Assessment Penetration Testing Security

How Human Security Investments Created a Global Culture of Accountability at ADP

Practice doesn’t necessarily make perfect, but it can lead to improvement. Quality practice is key in matters of human security, and the right quantity of practice can also make a significant difference when it comes to shifting mindsets and behavior. “Scientists believe that expert-level performance is primarily the result of expert-level practi
Publish At:2020-03-04 13:39 | Read:242 | Comments:0 | Tags:CISO Artificial Intelligence (AI) Chief Information Security

Intro to Macros and VBA for Script Kiddies

Introduction Why can’t I pwn my friends anymore? It seems like all my Metasploit magic is getting caught—even my modified, secret-sauce payloads. DEP. ASLR. EDRs. Sandboxes. Whitelists. It’s no fun anymore! So, you thought you were a 1337 h4x0r? You thought you had mad ‘sploit-writing, shell-popping skillz? First, you learned Python (so easy), then C
Publish At:2020-03-03 12:48 | Read:349 | Comments:0 | Tags:Application Security Assessment Hardware Security Assessment

State of the Phish: IBM X-Force Reveals Current Phishing Attack Trends

Phishing has long been an infection vector of choice for threat actors, and for good reason — it is relatively easy, inexpensive and consistently successful. In 2018 and 2019, attackers used phishing as an entry point for one-third of all attacks tracked by IBM X-Force Incident Response and Intelligence Services (IRIS) — the most commonly used of all known a
Publish At:2020-03-03 07:18 | Read:264 | Comments:0 | Tags:Threat Intelligence Business Email Compromise (BEC) Data Bre

Weak in, Weak out: Keeping Password Lists Current

This post was written by @nyxgeek. When performing brute-force attacks, it’s our first instinct to go to the current season and year, i.e., Winter20, Winter2020. But it’s important to keep in mind that many organizations use a 90-day password change window, and 90 days can be a deceptively long time. For instance, as of today, February 25, 2020
Publish At:2020-02-26 12:38 | Read:254 | Comments:0 | Tags:Application Security Assessment Penetration Testing Security

Making Cloud Security a Team Sport

While most large enterprises are moving to the cloud in some form, the path is never as direct as chief information officers (CIOs) and chief information security officers (CISOs) might like it to be. Most come to terms with the fact that the cloud won’t be a single offering, but rather a hybrid multicloud that aligns critical applications with cloud s
Publish At:2020-02-21 09:34 | Read:361 | Comments:0 | Tags:Cloud Security Cloud Cloud Adoption Cloud Infrastructure Clo

Achieving Passive User Enumeration with OneDrive

This post was written by @nyxgeek. Microsoft recently fixed a beloved user enumeration vulnerability in Office 365 that I routinely used to gain valid credentials for the last couple of years (https://grimhacker.com/2017/07/24/office365-activesync-username-enumeration/). Microsoft still hasn’t changed its official stance on user-enumeration-as-a-b
Publish At:2020-02-18 11:00 | Read:301 | Comments:0 | Tags:Application Security Assessment Penetration Testing Security

Why We Are Launching the TrustedSec Sysmon Community Guide

Today we are excited to announce the launch of the TrustedSec Sysmon Community Guide. This guide is intended to be a one-stop shop for all things Sysmon. Our goal for the project is to help empower defenders with the information they need to leverage this great tool and to help the infosec community spread the knowledge gained in working to detect attack
Publish At:2020-02-06 14:50 | Read:316 | Comments:0 | Tags:Application Security Assessment Architecture Review Business

SIGINT to Synthesis

Not too long ago, I was at a hardware store and I came across some lights that I wanted to play with because I had a feeling they could be fun for Halloween and make for a decent blog post. Before I purchased the lights, I looked at their online manual and checked to see if they were compliant with Part 15 of the Federal Communications Commission (FCC) rules
Publish At:2020-01-28 14:50 | Read:506 | Comments:0 | Tags:Application Security Assessment Hardware Security Assessment

Finding a Privilege Escalation in the Intel Trusted Connect Service Client

In this post, we will cover a privilege escalation that I found in the Intel Trusted Connect Service Client. The Connect Service Client is part of Intel Management Engine Components and is designed to permit a non-privileged user to become system. After communicating with Intel about the vulnerability, it was discovered that this was already fixed in an up t
Publish At:2020-01-21 14:50 | Read:381 | Comments:0 | Tags:Application Security Assessment Penetration Testing Security