Cybersecurity blog

Cybersecurity articles with security analysis and ethical hacking technics information

Fuzzing Tales 0x01: Yadifa DNS
Fuzzing Tales 0x01: Yadifa DNS

[...]

Read more
Vulnerabilities in Televes COAXDATA GATEWAY – CVE-2017-6532
Vulnerabilities in Televes COAXDATA GATEWAY – CVE-2017-6532

=============================== – Advisory – =============================== Title: Televes COAXDATA GATEWAY 1Gbps – Priv Escalation Risk: High Date: 19.Jul.2017 [...]

Read more
Protections against network privilege escalation
Protections against network privilege escalation

The application of perimeter security controls in each layer of any infrastructure as well as hardening measures in systems enable limiting an intruder lateral movement in the netw[...]

Read more
Kerberos tickets: Comprehension and exploitation
Kerberos tickets: Comprehension and exploitation

The main aim of this post is explaining the most common attacks that can be carried out in a security audit or pentest of Kerberos protocol used in Microsoft active directory domai[...]

Read more
AeroAdmin 4.1 Vulnerability – CVE-2017-8893 CVE-2017-8894
AeroAdmin 4.1 Vulnerability – CVE-2017-8893 CVE-2017-8894

Tarlogic Advisory: Tarlogic-2017-001 Title: Multiple vulnerabilities found in AeroAdmin 4.1 software. Discovered by: Juan Manuel Fernandez (@TheXC3LL) CWE-ID: CWE-119 Improper Rest[...]

Read more
Same-Site cookies against CSRF attacks analysis
Same-Site cookies against CSRF attacks analysis

CSRF vulnerabilities Cross-site request forgery (CSRF) vulnerabilities are extremely common in web applications. Despite they are known since a long time ago, we are used to find t[...]

Read more
How PHP Object Injection works
How PHP Object Injection works

PHP Object Injection enables the arbitrary manipulation of an object content that shall be unserialized using the PHP unserialize() function. This kind of web application vulnerabi[...]

Read more
What are “Watering Hole Attacks”?
What are “Watering Hole Attacks”?

[...]

Read more
1 3 4 5 6 7