First of all, let’s deal with the insecure configuration. To begin with, IT professionals often use manuals and resources like StackOverflow, many of which contain insecure commands and configs. A striking example is a news that the code most copied from StackOverflow contained an error. An experienced admin will see…

I am testing an API that uses JWT for authentication. This JWT is signed HS256 to prevent modification. I figured that if I define the secret key used in this signature, I can create my own JWTs. How can I crack the JWT’s private signing key? I ended up using…

WordPress is a fairly large and complex product, with its own pros and cons, so there are a sufficient number of tools that allow you to automate routine tasks. Nmap: * Version and theme detection using http-wordpress-info script nmap -sV --script http-wordpress-info * Password selection by dictionaries nmap -p80 --script…

Let’s Suppose the target system has the address-: "Https: // targetdomain" By accident, I noticed that some CSS and JavaScript resources were available on the subdomain responsible for authenticating on the site. The odd thing was that while browsing the end node (something like) I received an HTTP 404 response…

SIP messaging process The most revealing will, of course, be the exchange of signaling messages and traffic. Telephony → SIP Flows Here you will see all calls from this dump.

What is Rate Limit ? Rate limiting is used to control the amount of incoming and outgoing traffic from a network. If you are using a particular API that is configured to allow 100 requests/minute. If the number of requests you make exceeds that limit, then an error will be triggered I was recently invited…

Security Assertion Markup Language (SAML) is an open XML-based standard for exchanging authentication and authorization data between process parties Vulnerabilities are affected by the decisions of various SSO providers and several libraries using SAML SSO (Single Sign-On). Using the SAML protocol, users can access many of their cloud applications with…

What is Open Redirection? An Open Redirection is when a web application or server uses an invalidated user-submitted link to redirect the user to a given website or page. Even though it seems like a harmless action to let a user decide to which page he wants to be redirected. What is XSS? Cross-site scripting is a…

The Internet of things is a network of devices that are connected to the Internet, controlled through it, and can exchange data with each other. IoT devices can directly connect to internet through wireless or wired communication or they can connect using an IoT gateway, the use of the gateway…