HackDig : Dig high-quality web security articles for hacker

Securing Google Cloud Run serverless workloads

Google Cloud Run is a serverless compute platform that automatically scales your stateless containers. In this post we are going to showcase how to secure the entire lifecycle of your Cloud Run services. Sysdig provides a secure DevOps workflow for Cloud Run Platforms that embeds security, maximizes availability and validates compliance across the ser
Publish At:2019-11-14 23:50 | Read:20 | Comments:0 | Tags:Uncategorized Google Cloud Sysdig Secure Cloud

How to Hack an Instagram Account – Newbie Friendly Tutorial (2019 Methods)

Instagram is without doubts a leading social network of nowadays. Millions of people from all over the world are browsing trough its news feed daily, posting moments from their life, following other users, celebrities and stuff what interest them. With a huge rise of Instagram’s popularity, with hundreds of thousands daily active users, it’s a common thing t
Publish At:2019-11-14 15:50 | Read:69 | Comments:0 | Tags:Uncategorized

How to Hack a Twitter Account – Working Methods of 2019

Many Twitter users across the world got themselves in situation of losing their account password at least once in their lifetime. This problem may occur due to many reasons. One can simply forget or save their password somewhere safe, and after some time you can’t remember it. Some Twitter accounts are also getting hacked and lost forever. In most situation
Publish At:2019-11-11 22:05 | Read:34 | Comments:0 | Tags:Uncategorized

How to Hack a TikTok Account – Tutorial (Methods of 2019)

This tutorial is written in goal to help users of TikTok social network who lost their account due to hacking or by forgetting their password. Yes, lost accounts can easily be recovered using “password reset” feature located at login page of almost every website. But the problem for many users is that they even lose password of their email account used when
Publish At:2019-11-11 22:05 | Read:77 | Comments:0 | Tags:Uncategorized

Phishing for baits: How to get all the treats and none of the tricks.

Phishing for baits: How to get all the treats and none of the tricks. October 27th, 2019 No Comments Uncategorized Halloween is around the corner, and you know what that means – scary customs, scary movies, scary decorations, and, unfortunately, sc
Publish At:2019-10-27 05:05 | Read:147 | Comments:0 | Tags:Uncategorized

MISP Summit 0x05 Wrap-Up

I’m in Luxembourg for a full week of infosec events. It started today with the MISP summit. It was already the fifth edition and, based on the number of attendees, the tool is getting more and more popularity. The event started with a recap of what happened since the last edition. It was a pretty busy year with many improvements, add-ons. More and mor
Publish At:2019-10-21 15:20 | Read:282 | Comments:0 | Tags:Event MISP Uncategorized Luxembourg

The Datadog IPO: An Analysis of Datadog’s Future.

First, congratulations to Datadog for building a strong business and its IPO today!Datadog’s rapid growth illustrates a couple of key industry themes: First, growth in cloud applications continues at an unprecedented rate, and second, cloud applications require enterprises to rethink existing tools for visibility. Most significantly, the fact that Datadog ha
Publish At:2019-10-18 04:35 | Read:114 | Comments:0 | Tags:Uncategorized

Detecting random filenames using (un)supervised machine learning

Combining both n-grams and random forest models to detect malicious activity. Author: Haroen Bashir An essential part of Managed Detection and Response at Fox-IT is the Security Operations Center. This is our frontline for detecting and analyzing possible threats. Our Security Operations Center brings together the best in human and machine analysis and we c
Publish At:2019-10-16 11:30 | Read:175 | Comments:0 | Tags:Uncategorized

Phishing – Ask and ye shall receive

During penetration tests, our primary goal is to identify the difference in paths that can be used to obtain the goal(s) as agreed upon with our customers. This often succeeds due to insufficient hardening, lack of awareness or poor password hygiene. Sometimes we do get access to a resource, but do not have access to the username or password of the user that
Publish At:2019-09-19 23:30 | Read:177 | Comments:0 | Tags:audits Blog pentest Uncategorized

Your trust, our signature

Written and researched by Mark Bregman and Rindert Kramer Sending signed phishing emails Every organisation, whatever its size, will encounter phishing emails sooner or later. While the number of phishing attacks is increasing every day, the way in which phishing is used within a cyber-attack has not changed: an attacker comes up with a scenario which looks
Publish At:2019-09-19 23:30 | Read:305 | Comments:0 | Tags:audits Blog pentest Uncategorized email hacking phishing

Identifying Cobalt Strike team servers in the wild

How an anomalous space led to fingerprinting Summary On the 2nd of January 2019 Cobalt Strike version 3.13 was released, which contained a fix for an “extraneous space”. This uncommon whitespace in its server responses represents one of the characteristics Fox-IT has been leveraging to identify Cobalt Strike Servers, with high confidence, for the
Publish At:2019-09-19 23:30 | Read:104 | Comments:0 | Tags:Threat Intelligence Uncategorized

mkYARA – Writing YARA rules for the lazy analyst

Writing YARA rules based on executable code within malware can be a tedious task. An analyst cannot simply copy and paste raw executable code into a YARA rule, because this code contains variable values, such as memory addresses and offsets. The analyst has to disassemble the code and wildcard all the pieces in the code that can change between samples. mkYAR
Publish At:2019-09-19 23:30 | Read:177 | Comments:0 | Tags:Threat Intelligence Uncategorized reverse-engineering YARA

The Concerns About Cyber Security Matter to Take Notice for the Rest of 2019

If you are a desktop user, you probably think that using a service such as Avira or Avast is enough to safeguard your information from attacks. You are so far from being genuinely safe with this type of software that is almost sweet to believe that these tools can adequately protect your personal data. The internet is still a scary place for many people and
Publish At:2019-09-19 16:35 | Read:181 | Comments:0 | Tags:Uncategorized

2,440 Websites Have Been Affected by JS-Sniffers

An international anti-cyberattack company called Group-IB has issued a report which investigates JavaScript Sniffers at length. In case you’re wondering, JavaScript sniffers are a special kind of malware that’s very efficient at stealing customer payment data directly from online stores. Currently, JS-sniffers can be found in over 2,440 e-commerce stores, wh
Publish At:2019-09-19 16:35 | Read:184 | Comments:0 | Tags:Uncategorized

How to Hack Facebook Account – 2019 Working Methods

They say that hacking is one of the most frowned upon processes to take part in, and while that may be true, there are plenty of people out there hacking for the “greater good”. All of the information that you’ll be reading through within this article is to be used for personal use only – this is merely a way to go about retrieving an account that you&
Publish At:2019-09-19 16:35 | Read:113 | Comments:0 | Tags:Uncategorized

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud