In this tutorial, we illustrate how a threat actor could leverage the capabilities of a web server to be the means in the attack itself.
penetration testing
-
-
In this tutorial, we illustrate how a hacker can easily bypass Cloudflare WAF using a Command Injection attack vector that was publicly released by a security engineer.
-
In this tutorial, we will illustrate some of the techniques that hackers may utilize in their malicious code to easily bypass the XSS filters in web applications.
-
Testing Vulnerable Web Applications For Local File Inclusion, Server Side Request Forgery, Open Redirect, & Path Traversal
By Sunny HoiBy Sunny HoiIn this tutorial, we will illustrate how to test vulnerable web applications for security vulnerabilities such as Local File Inclusion (LFI), Server Side Request Forgery (SSRF), Open Redirect, and Path Traversal.
-
In this tutorial, we illustrate how a hacker can exploit a Remote Code Execution (RCE) vulnerability to hack a vBulletin forum.
-
In this tutorial, we will analyze how potential victims are fooled by convincing phishing emails that state that servers errors are delaying message delivery. The HEX Encoding technique permits hackers to bypass Microsoft Office 365 Advanced Threat Protection.
-
In this tutorial, we will examine how hackers, nation-state actors, and cybercriminals use percent-encoding to deceive and bypass secure email gateways implemented by companies.
-
In this tutorial, we are going to show you how a hacker can replicate an unauthenticated remote code execution using this exploit. More significantly, we are going to analyze the exploit via the Metasploit module.
-
-
Enabling WordPress File Editors & Installers In wp-config.php After Hacking A Website
By Sunny HoiBy Sunny HoiIn this tutorial, we will show you how a hacker can enable WordPress file editors & installers in wp-config.php after hacking a website, ultimately bypassing the security hardening done by the site administrator.