Curious how Facebook got hacked? Try it for yourself!

I stumbled upon an XXE vulnerability in one of the services used to deliver MaaS360 functionality to IBM clients. Details of the issue and its discovery are the focus of this blog.

Home of Nikhil SamratAshok Mittal. Posts about Red Teaming, Offensive PowerShell, Active Directory and Pen Testing.

14 votes and 2 comments so far on Reddit

It’s Monday night, there is nothing interesting on TV. I’m on my couch scrolling my Twitter feed when I saw this Fox News’ tweet…

Until the day TLS 1.3 becomes widely supported, web servers must rely on a fallback to TLS 1.2 with correctly configured server directives and strong cipher suites. Pick the wrong settings and you declare an open season on your server. The basics of TLS The…

This post highlights several mistakes in the patches released for vulnerabilities affecting various services of HPE Intelligent Management Center, with a focus on its native binaries.

CVE-2018-17456. GitHub Gist: instantly share code, notes, and snippets.

Use of DNS infrastructure is a staple of blind application testing and data exfiltration. Both of these scenarios are applicable in most pentest engagements but building engagement specific DNS infrastructure can be a pain. Now with so many cloud providers…

A couple months ago, Cody Wass released a blog on how to bypass SSL verification and certificate pinning for Android. I thought it would be a great idea to write up some techniques that I’ve found to work well for iOS. To reiterate from Cody’s blog, being…

In episode 21 of The Secure Developer, Guy meets with Julie Tsai, Head of Security for the RealReal, to discuss ways to manage secure systems and bridge the gap between security and DevOps.

Protect your user data with this step-by-step guide to secure your servers and applications.

A large budget doesn’t guarantee an airtight system and even the largest corporations have been known to overlook many common security liabilities.

Use publicly available tools to quickly start fuzzing browsers.

For the last week, VetSec competed in the Hacktober.org CTF event, which consisted of challenges in forensics, steganography, programming, offensive tactics, web application, reverse engineering, c…

A cookie stealer disguised as a gif image. Contribute to victorqribeiro/cookieStealer development by creating an account on GitHub.

Identifying threats within encrypted network traffic poses a unique set of challenges, i.e. monitoring traffic for threats and malware, but how to do so while maintaining the privacy of the user.