Modern-day cyberattacks keep growing in sophistication and sheer volume. This dynamic makes it virtually impossible to detect and block all attacks using the traditional methods of comparing incoming requests to known attack signatures. To effectively operate in this new aggressive cyberthreat environment, it is paramount that IT operations, developers, and DevSecOps adopt a proactive defense mindset. Threat hunting is all about having that powerfully proactive mindset. The underlying goal of threat hunting is to detect,…
Is JSON really more secure than other data encoding formats? JSON is a serialization format that allows users to (1) send objects as strings and then (2) lets applications recover objects from those strings. So, the short answer is that the JSON format is as dangerous as other serialization formats.
When it comes to XXE issues, hackers have multiple ways to take advantage of WAF configurations. We are going to show you four ways hackers trick WAFs, sneaking XXE issues past their defenses. 4 hacker XXE methods for bypassing WAFs: extra document spaces; invalid format; exotic encodings; one doc, two types of encoding. Once you understand the issue, you should be able to restore the fire to your defenses. We will show you how. A…
Some of my best friends are ethical hackers. With the holidays approaching, these special people in my life will need special presents. Whether they are bounty hunting, pentesting as a part of a consulting project, doing security research to advance the field or working on a Red Team, they will want tools and information to make their life easier in the new year. Pick one of the Xmas gifts from the list below, and you…
by @bo0om, Wallarm Research Caching is a great technology practice. It makes life better for everybody — clients get the data faster, servers expend fewer resources and so on. There is even a whole CDN industry that was built to deliver caching as a service. There are many examples of caching configuration and tuning, but what I would like to talk about today are possible vulnerabilities in the caching techniques and methodology. Some environments are configured in…
New Drupal Vulnerability in Detail By @aLLy The second Drupalgeddon has come! It is a new variant of a critical vulnerability in one of the most popular CMSs, which caused a big stir. This newly-discovered breach allows any unregistered user to execute commands on the target system by means of a single request. The problem is further aggravated by the fact that it affects all the most current versions of the application (7.x and 8.x branches, up…
