7 posts by Cornel du Preez

What is Log4Shell? Log4Shell is a critical vulnerability that affects the Log4J Java logging library (versions 2.14.0 and earlier) bundled into the Apache logging services. The vulnerability allows remote code execution (RCE) by a malicious actor

Application security practitioners often preach about the importance of shifting security left in the software development life-cycle (SDLC). The reason this catch-phrase so-easily resonates with leadership is simple: if it’s possible to identify

Here at Abricto Security, we believe that application penetration tests only reveal the tip of the iceberg. Specifically, if we conduct an application penetration test and we find that it’s riddled with vulnerabilities, the remediation effort

Abricto Security understands that all industries feel the impact of COVID-19 and we’re here to help. Our team is shifting our operating procedures to accommodate fully remote consultations and assessments. Here is how we plan to do so: We will

Target the http://target.server.com URL using the “-u” flag: sqlmap -u ‘http://target.server.com’ Specify POST requests by specifying the “–data” flag: sqlmap -u

Public key encryption is heavily utilized in modern implementations of SSH. By leveraging public key cryptography, administrators can generate both a public key and a private key to encrypt and decrypt data in transit. Using this method is favored

In many of our network and web application penetration tests, we come across login portals that aren’t protected by anti-automation controls. Essentially, this allows us to launch unrestricted dictionary attacks on previously identified