Our team researches and documents bleeding-edge security concepts and hacking techniques. This blog explores these topics and more to keep you informed.
Why Critical Vulnerabilities Like Log4Shell Will Continue to Surface
By Cornel du Preez | December 14, 2021 | Blog
What is Log4Shell? Log4Shell is a critical vulnerability that affects the Log4J Java logging library (versions 2.14.0 and earlier) bundled into the Apache logging services. The vulnerability allows remote code execution (RCE) by a malicious actor
Shifting Security Left: A Practical Guide
By Cornel du Preez | November 5, 2020 | Blog
Application security practitioners often preach about the importance of shifting security left in the software development life cycle (SDLC). The reason this catchphrase so easily resonates with leadership is simple: if it's possible to identify
Defining the Secure Software Development Lifecycle (SSDLC)
By Cornel du Preez | June 30, 2020 | Blog
Here at Abricto Security, we believe that application penetration tests only reveal the tip of the iceberg. Specifically, if we conduct an application penetration test and we find that it’s riddled with vulnerabilities, the remediation effort
By Cornel du Preez | April 13, 2020 | Blog
Abricto Security understands that all industries feel the impact of COVID-19 and we’re here to help. Our team is shifting our operating procedures to accommodate fully remote consultations and assessments. Here is how we plan to do so: We will
SQLmap Cheatsheet and Examples
By Cornel du Preez | April 2, 2020 | Blog
Target the http://target.server.com URL using the "-u" flag: sqlmap -u 'http://target.server.com' Specify POST requests by specifying the "--data" flag: sqlmap -u
Extracting Private Keys From Public Keys Generated With Weak Random Number Generators
By Cornel du Preez | March 19, 2020 | Blog
Public key encryption is heavily utilized in modern implementations of SSH. By leveraging public key cryptography, administrators can generate both a public key and a private key to encrypt and decrypt data in transit. Using this method is favored
Password List Generation Using CUPP
By Cornel du Preez | February 7, 2020 | Blog
In many of our network and web application penetration tests, we come across login portals that aren’t protected by anti-automation controls. Essentially, this allows us to launch unrestricted dictionary attacks on previously identified