Our team researches and documents bleeding-edge security concepts and hacking techniques.
This blog explores these topics and more to keep you informed.
Exploiting Cross-Site Scripting (XSS) Vulnerabilities to Steal Cookies
What are Cookies? While browsing the internet, chances are that you’ve came across pop-ups that ask if you want to allow cookies. Instead of questioning what cookies are, the average user accepts the cookies and ...
Covert Remote LSASS Extraction
What is LSASS and why do we care about it? LSASS stands for Local Security Authority Subsystem Service. It stores passwords and password hashes of: Accounts that are logged into a Windows machine Any other ...
Web Application Injection Cheat sheet
Web applications are the services that websites offer as a way for users to interact with the site. Generally, whenever an end user can interact with an application in some way, their inputs need to ...
Gobuster Directory Enumerator Cheat Sheet
What is Gobuster? Gobuster is a brute-force scanner tool to enumerate directories and files of websites. It will also assist in finding DNS subdomains and virtual host names. Gobuster is written in the Go programming ...
How to Use ProxyChains
What is a Proxy? To be able to understand ProxyChains and how they operate, we first need to understand what a proxy is. A proxy or a proxy server is a system that acts as ...
Nmap Network Scanning Cheatsheet
What is Nmap? Nmap is a console based, free port scanning and network mapping tool originally released in 1997 by Gordon Lyon. Nmap allows a user to scan remote or local networks for open ports, ...
Are Your Cybersecurity Investments In Tools and Services Paying Off?
Finding, implementing, and supporting cybersecurity tools and services within an organization can be a daunting task for a company of any size. There is no shortage of cybersecurity tools and services available to address just ...
Why Critical Vulnerabilities Like Log4Shell Will Continue to Surface
What is Log4Shell? Log4Shell is a critical vulnerability that affects the Log4J Java logging library (versions 2.14.0 and earlier) bundled into the Apache logging services. The vulnerability allows remote code execution (RCE) by a malicious ...
Hacking 101: Getting Your Bearings
Network security is a unique field of IT, and unlike many other IT fields, it seems almost hostile to anyone new and looking to learn about pentesting. I’ve heard several statements that boil down to ...