Insights

If you're interested in the world of cybersecurity, the related technical issues, and what's challenging right now, you're in the right place! This part talks about IT security more broadly and has the latest information, tips, and advice.

Latest insight

How Private Cache Can Lead to Mass Account Takeover – pentest case

MATEUSZ KOWALCZYK

12 July 2023

In many situations, minor vulnerabilities might seem like small fish in the vast ocean of cybersecurity threats. They’re often marked as low severity and thus, overlooked by developers who assume that the conditions for their exploitation are too complicated to be met. However, in this article, we’re going to challenge that assumption and show you …


Featured articles

XSS in WordPress via open embed auto discovery

JAKUB ŻOCZEK

29 May 2023

Introduction Users often assume that known software is free of security flaws because it has been checked by a sufficient number of tools and security testers. However, this is not an assumption that a pentester or bug hunter can afford to make. Vulnerabilities may lurk in various places, and finding an interesting bug often requires …


How to access data secured with BitLocker? Do a system update

K. BIERÓWKA

12 January 2023

Do you suffer from an eternal lack of time for system updates? Did you finally manage to find a moment to install them, but didn’t finish the whole process because you had to run out of the office? Is your data safe? Read this article to find out. As always in the IT world, it is difficult …


Other articles

SOCMINT – or rather OSINT of social media

Tomasz Turba

October 28, 2022

SOCMINT is the process of gathering and analyzing the information collected from various social networks, channels and communication groups in order to track down an object, gather as much partial data as possible, and potentially to understand its operation. All this in order to analyze the collected information and to achieve that goal by making …


PyScript – or rather Python in your browser + what can be done with it?

Michał Bentkowski

October 28, 2022

PyScript – or rather Python in your browser + what can be done with it? A few days ago, the Anaconda project announced the PyScript framework, which allows Python code to be executed directly in the browser. Additionally, it also covers its integration with HTML and JS code. An execution of the Python code in …


Windows security: reconnaissance of Active Directory environment with BloodHound - part 2.

DAWID FARBANIEC

August 19, 2022

Collecting information about the domain environment with SharpHound. A program that collects domain environment data – SharpHound – is a component of the BloodHound tool. The collection of environmental data starts when SharpHound.exe is run on one of the computers. ...


Windows security: reconnaissance of Active Directory environment with BloodHound - part 1.

DAWID FARBANIEC

July 2, 2022

Windows security: reconnaissance of Active Directory environment with BloodHound. In this article we will take a closer look at the BloodHound tool – Six Degrees of Domain Admin. The application was developed in JavaScript and built using the Electron platform. The graphical visualization uses the Neo4j database. During the experiment, we will use a Windows …


Windows security – what is LSASS dump. How to protect against it? Part 1.

DAWID FARBANIEC

June 9, 2022

Windows security – what is LSASS dump. How to protect against it? The ability of Advanced Persistent Threat (APT) groups and other threat actors to take a dump of Windows credentials is a serious threat especially to enterprises and other organizations. The MITRE ATT&CK knowledge base, which is created primarily to support defense against cyber …


fail2ban – Remote Code Execution

JAKUB ŻOCZEK

April 4, 2022

In this article we will discuss a recently published vulnerability in quite popular software – fail2ban (CVE-2021-32749). Under the right conditions, this bug could be exploited to achieve code execution with root privileges. Luckily, it is difficult for a “normal” attacker to achieve. This vulnerability is rooted in the way the mail command from the …


Is running legacy software with no publicly known exploits safe?

Krzysztof Bierówka

15 May 2023

There is a lot of legacy software running all over the network. This is an excellent example of technological debt. And the debt means that we are borrowing. We borrow time before compromise. It’s quite easy to identify that some software or system is outdated and no longer supported. Yet, it seems that no one …


Comparison of reverse image searching in popular search engines [OSINT hints]

KRZYSZTOF WOSIŃSKI

August 11, 2021

A little experiment – a comparison of Google, Bing and Yandex in terms of reverse image search. Guest post by Krzysztof Wosiński.


Helping secure DOMPurify

MICHAŁ BENTKOWSKI

December 21, 2020

In this blog post I share my experience with helping secure DOMPurify and trying to kill an entire class of bypasses.


Mutation XSS via namespace confusion – DOMPurify < 2.0.17 bypass

MICHAŁ BENTKOWSKI

September 21, 2020

In this blogpost I’ll explain my recent bypass in DOMPurify – the popular HTML sanitizer library. In a nutshell, DOMPurify’s job is to take an untrusted HTML snippet, supposedly coming from an end-user, and remove all elements and attributes that can lead to Cross-Site Scripting (XSS). This is the bypass: Believe me that there’s not …


Prototype pollution – and bypassing client-side HTML sanitizers

MICHAŁ BENTKOWSKI

August 18, 2020

In this article I’ll cover the prototype pollution vulnerability and show how it can be used to bypass client-side HTML sanitizers. I also consider various ways to find exploitable prototype pollution via semi-automatic methods. It could also be a big help in solving my XSS challenge. Prototype pollution basics: Prototype pollution is a security vulnerability, …


HTML sanitization bypass in Ruby Sanitize < 5.2.1

Michał Bentkowski

July 22, 2020

On Jun 16, 2020 a security advisory for the Ruby Sanitize library was released about an issue that could lead to a complete bypass of the library in its RELAXED config. I found this bug during a penetration test conducted by Securitum, and in this post I’ll explain how I came up with the idea of …


Marginwidth/marginheight – the unexpected cross-origin communication channel

Michał Bentkowski

July 13, 2020

On 6th July 2020 I announced an XSS challenge on my Twitter. So far only four people have been able to solve it, and every single one of them told me that they had never heard about the quirk used in the challenge before. So here’s a writeup explaining this quirk along with some backstory. The …


Art of bug bounty: a way from JS file analysis to XSS

Jakub Żoczek

July 1, 2020

Summary: During my research on another bug bounty program I found a Cross-Site Scripting vulnerability in the cmp3p.js file, which allows an attacker to execute arbitrary JavaScript code in the context of any domain that includes the mentioned script. Below you can find my way of finding bug bounty vulnerabilities.


© 2023 Securitum. All rights reserved.