Insights
If you're interested in the world of cybersecurity, the related technical issues, and what's challenging right now, you're in the right place! This part talks about IT security more broadly and has the latest information, tips, and advice.
Latest insight
How Private Cache Can Lead to Mass Account Takeover – pentest case
MATEUSZ KOWALCZYK
12 July 2023
In many situations, minor vulnerabilities might seem like small fish in the vast ocean of cybersecurity threats. They’re often marked as low severity and thus, overlooked by developers who assume that the conditions for their exploitation are too complicated to be met. However, in this article, we’re going to challenge that assumption and show you …
READ article
Featured articles
XSS in WordPress via open embed auto discovery
JAKUB ŻOCZEK
29 May 2023
Introduction Users often assume that known software is free of security flaws because it has been checked by a sufficient number of tools and security testers. However, this is not an assumption that a pentester or bug hunter can afford to make. Vulnerabilities may lurk in various places, and finding an interesting bug often requires …
READ article
How to access data secured with BitLocker? Do a system update
K. BIERÓWKA
12 January 2023
Do you suffer from eternal lack of time for system updates? Finally managed to find a moment to install them, but you didn’t finish the whole process because you had to run out of the office? Is your data safe? Read this article to find out. As always in the IT world, it is difficult …
READ article
Other articles
SOCMINT – or rather OSINT of social media
Tomasz Turba
October 28, 2022
SOCMINT is the process of gathering and analyzing the information collected from various social networks, channels and communication groups in order to track down an object, gather as much partial data as possible, and potentially to understand its operation. All this in order to analyze the collected information and to achieve that goal by making …
READ article
PyScript – or rather Python in your browser + what can be done with it?
michał bentkowski
October 28, 2022
PyScript – or rather Python in your browser + what can be done with it? A few days ago, the Anaconda project announced the PyScript framework, which allows Python code to be executed directly in the browser. Additionally, it also covers its integration with HTML and JS code. An execution of the Python code in …
READ article
Windows security: reconnaissance of Active Directory environment with BloodHound - part 2.
DAWID FARBANIEC
August 19, 2022
Collecting information about the domain environment with SharpHound A program that collects domain environment data – SharpHound is a component of the BloodHound tool. The collection of environmental data starts when SharpHound.exe is run on one of the computers. ...
READ article
Windows security: reconnaissance of Active Directory environment with BloodHound - part 1.
DAWID FARBANIEC
July 2, 2022
Windows security: reconnaissance of Active Directory environment with BloodHound. In this article we will take a closer look at the BloodHound tool – Six Degrees of Domain Admin. The application was developed in JavaScript and built using the Electron platform. The graphical visualization uses the Neo4j database. During the experiment, we will use a Windows …
READ article
Windows security – what is LSASS dump. How to protect against it? Part 1.
DAWID FARBANIEC
June 9, 2022
Windows security – what is LSASS dump. How to protect against it? The ability of Advanced Persistent Threat (APT) groups and other threat actors to take a dump of Windows credentials is a serious threat especially to enterprises and other organizations. The MITRE ATT&CK knowledge base, which is created primarily to support defense against cyber …
READ article
fail2ban – Remote Code Execution
JAKUB ŻOCZEK
April 4, 2022
In this article we will discuss a recently published vulnerability in quite popular software – fail2ban (CVE-2021-32749). Under the right conditions, this bug could be exploited to achieve code execution with root privileges. Luckily, it is difficult for a “normal” attacker to achieve. This vulnerability is rooted in a way the mail command from the …
READ article
Is running legacy software with no publicly known exploits safe?
Krzysztof Bierówka
15 may 2023
There is a lot of legacy software running all over the network. This is an excellent example of technological debt. And the debt means that we are borrowing. We borrow time before compromise. It’s quite easy to identify that some software or system is outdated and no longer supported. Yet, it seems that no one …
READ article
Comparison of reverse image searching in popular search engines [OSINT hints]
KRZYSZTOF WOSIŃSKI
August 11, 2021
A little experiment – comparison of Google, Bing and Yandax in terms of reverse image search. Guest post by Krzysztof Wosinski
READ article
Helping secure DOMPurify
MICHAŁ BENTKOWSKI
December 21, 2020
In this blog post I share my experience with helping secure DOMPurify and trying to kill an entire class of bypasses
READ article
Mutation XSS via namespace confusion – DOMPurify < 2.0.17 bypass
MICHAŁ BENTKOWSKI
September 21, 2020
In this blogpost I’ll explain my recent bypass in DOMPurify – the popular HTML sanitizer library. In a nutshell, DOMPurify’s job is to take an untrusted HTML snippet, supposedly coming from an end-user, and remove all elements and attributes that can lead to Cross-Site Scripting (XSS). This is the bypass: Believe me that there’s not …
READ article
Prototype pollution – and bypassing client-side HTML sanitizers
MICHAŁ BENTKOWSKI
August 18, 2020
In this article I’ll cover the prototype pollution vulnerability and show it can be used to bypass client-side HTML sanitizers. I’m also considering various ways to find exploitation of prototype pollution via semi-automatic methods. It could also be a big help in solving my XSS challenge. Prototype pollution basics Prototype pollution is a security vulnerability, …
READ article
HTML sanitization bypass in Ruby Sanitize < 5.2.1
michał bentkowski
July 22, 2020
On Jun 16, 2020 a security advisory for Ruby Sanitize library was released about an issue that could lead to complete bypass of the library in its RELAXED config. I have found this bug during a penetration test conducted by Securitum, and in this post I’ll explain how I came up with the idea of …
READ article
Marginwidth/marginheight – the unexpected cross-origin communication channel
Michał bentkowski
July 13, 2020
On 6th July 2020 I’ve announced a XSS challenge on my Twitter. So far only four people were able to solve it and every single one of them told me that they had never heard about the quirk used in the challenge before. So here’s a writeup explaining this quirk along with some backstory. The …
READ article
Art of bug bounty: a way from JS file analysis to XSS
Jakub Żoczek
July 1, 2020
Summary: During my research on other bug bounty program I've found Cross-Site Scripting vulnerability in cmp3p.js file, which allows attacker to execute arbitrary javascript code in context of domain that include mentioned script. Below you can find the way of finding bug bounty vulnerabilities
READ article
