Best of Security: January 2022

  1. Article
    InfoSec Write-ups · 4y

    Attacks on JSON Web Token (JWT)

    In this article, we will discuss attacks on JWT, which is the hacker’s favorite part. One attack abuses the None algorithm: when it is used to generate a JWT, anyone can create a forged JWT and submit it to a resource server, because the token carries no signature.

  2. Article
    Pointer · 4y

    5 Best Practices for Securing SSH

    SSH is the industry standard for both security and efficacy for remote server access. As with any software, SSH is only as secure as the configurations applied to the server and client. In this article, we’ll explore five SSH best practices you should observe to boost the security of your infrastructure.

  3. Article
    System Weakness · 4y

    How I steal your credentials 😎

    In this blog I want to show you how easy it is to create a phishing campaign to target a company or simply an individual with the intention of appropriating someone else’s credentials. Disclaimer: this blog is for educational purposes only! To do this we simply need: Linux OS, setoolkit, Ngrok and a simple HTML template.

  4. Article
    DEV · 4y

    target="_blank" is a security risk?

    When we open a link in a new tab, window.opener is set, which gives limited access to the tab that opened it. We all use target="_blank" to open links in a new tab, but everyone should know the risk involved. Do not forget to add the rel attribute to your link tag: rel="noopener noreferrer".

  5. Article
    System Weakness · 4y

    WiFite2 Automated WiFi hacking tool

    WiFite2 is a powerful tool that automates WiFi hacking, allowing you to select targets within your adapter’s coverage area. The type of encryption, the manufacturer's default settings, and the number of connected clients can determine how easily it will attack the target. WiFite2 works much faster due to the reduction of time for the attacks themselves and the use of more advanced tactics.

  6. Article
    System Weakness · 4y

    How To Hack A Whatsapp Account Through MAC Spoofing Attack

    Mobile Phone Rooted; Target’s Phone for 5 minutes; Busybox and Terminal App installed on your Android device; Wifi Scanner (if you can’t reach the target’s phone for getting his / her MAC address through settings)

  7. Article
    Sweetcode · 4y

    Security Best Practices in PHP

    According to a 2019 report by Accenture, security vulnerabilities have surged by 67 percent since 2013, including in web apps that use PHP. PHP web applications are vulnerable to a variety of attacks, including cross-site scripting (XSS), SQL injection, local file inclusion, and path traversals. As a result, recommended practices for securing PHP applications are a necessity.

  8. Article
    The Hacker News · 4y

    Apple Pays $100,500 Bounty to Hacker Who Found Way to Hack MacBook Webcam

    Security researcher Ryan Pickren, who discovered and reported the bugs to the iPhone maker, was compensated with a $100,500 bug bounty, underscoring the severity of the issues. The issues specifically concern ShareBear, an iCloud file-sharing mechanism that prompts users upon attempting to open a shared document for the first time.