Content spoofing (also known as content injection) is one of the most common web security vulnerabilities. It allows the end user of the vulnerable web application to falsify or modify the actual content of the web page. Requirements: Responsibility: In this tutorial, we will use hacking techniques for educational purposes only. We do not promote…
Online attacks are more frequent than ever, and this trend is likely to continue growing. In this article, we analyze CSV injection attacks and how to defend against them. Requirements: Responsibility: In this tutorial, we will use hacking techniques for educational purposes only. We do not promote their use for profit or improper purposes. We…
A script to remotely dump files and folders from a Windows SMB share Requirements: Responsibility: In this tutorial, we will use hacking techniques for educational purposes only. We do not promote their use for profit or improper purposes. We are not responsible for any damage or impairment that may be caused to the systems used.…
Today I bring you a very simple tutorial that many people have been asking me for. It’s about attacking Kerberos tickets, both golden and silver. First, to understand what Kerberos is, visit my post that talks about Kerberos Requirements: Responsibility: In this tutorial, we will use hacking techniques for educational purposes only. We do not…
Data exfiltration—also known as Data Exfiltration—refers to the unauthorized transfer of sensitive information outside a secure corporate environment. This risk has become one of the top security concerns, as it can lead to theft of confidential information, reputational damage, and significant financial losses. Requirements: Responsibility: In this tutorial we will use hacking techniques, with the…
This tutorial provides an in-depth exploration of the LockBit ransomware, one of the most sophisticated and dangerous ransomware strains in 2024. This blog is designed for cybersecurity professionals, IT administrators, and businesses aiming to understand the mechanics of ransomware attacks and how to defend against them. It combines technical insights, practical attack simulations, and mitigation…
Cybersecurity is a top priority in the digital age, where cyber threats to systems and networks are increasing every day. One of the key tools for protecting computer systems is the Host Intrusion Detection System (HIDS). This article details how HIDS works, its benefits and provides practical examples for a better understanding. What is a…
Security in corporate networks has become more complex with the increasing diversity of devices and users connecting to them. One of the most effective solutions for managing and securing network access is NAC (Network Access Control). This article explores in detail what NAC is, how it works, its components, and practical examples of its application…
In this series, I’m going to write about some basics in Linux kernel exploitation that I’ve learned over the past few weeks: from basic environment configuration to some popular Linux kernel mitigations, and their corresponding exploitation techniques. Requirements: Responsibility: In this tutorial we will use hacking techniques, with the only purpose of learning. We do…
Many people are asking me about Active Directory attack prevention methods and a good way for a critical vulnerability scan, which then leads me to get the domain administrator in fifteen minutes by simply exploiting misconfigurations in AD. Requirements: Responsibility: In this tutorial we will use hacking techniques, with the only purpose of learning. We…