Category: Tips & Tricks
- Prompt Injection – OWASP Top 10 for LLM
As someone who works closely with technology, I’ve always been fascinated by the potential of large language models (LLMs). They’re capable of amazing things, but as I’ve dug deeper, I’ve realized there’s a dark side to these tools. Prompt injection is one of the most interesting vulnerabilities I’ve come across because of how subtle—and dangerous—it…
- How I passed GPEN
After passing my GCIH exam I’ve decided to pursue GPEN (OnDemand version) because of what was being covered in the course, how much everyone else recommended it to me, and its value on my resume and LinkedIn profile. About me I work as a Penetration Tester, mainly focusing on Cloud, Web, API, and recently, Large…
- How I passed GCIH
Introduction I am a cybersecurity professional who is continually learning new tools and improving my skills to stay ahead in the field. My aspiration is to become one of the leading experts in cybersecurity, aiming to accomplish great things. Eventually, I envision establishing my own cybersecurity firm to assist individuals and companies globally in bolstering…
- Indexing Your Books for GIAC Exam Preparation
GIAC books lack section numbers, which you, as the ‘learner,’ should add if you want to index the books for better exam preparation. I actually loved the books that way since it allowed for more customization. Indexing your books is crucial for GIAC exams, given that it’s an open-book exam (not an e-book; you cannot…
- CSRF vs SSRF
Cross-Site Request Forgery (CSRF) and Server-Side Request Forgery (SSRF) are two distinct but equally critical web security vulnerabilities. Understanding the differences between them is crucial for securing web applications against potential threats. What is CSRF? CSRF, short for Cross-Site Request Forgery, is a security vulnerability that exploits the trust a web application has in an…
- SSRF vs SQLi
Server-Side Request Forgery (SSRF) and SQL Injection (SQLi) are both web application security vulnerabilities that can allow attackers to gain unauthorized access to sensitive data or perform malicious actions. However, there are some key differences between the two vulnerabilities. What is SSRF? Server-Side Request Forgery (SSRF) is a vulnerability that allows an attacker to manipulate…
- flaws2.cloud walkthrough | all flaws2.cloud levels
This blog provides a comprehensive walkthrough of flaws2.cloud, covering everything from Level 1 to Level 3 on the Attacker Path. Level 1 For this level, you’ll need to enter the correct PIN code. The correct PIN is 100 digits long, so brute forcing it won’t help. Instructions Clue: Brute-forcing won’t work with a 100-digit PIN, which…
- flaws.cloud walkthrough | all flaws.cloud levels
This blog provides a comprehensive walkthrough of flaws.cloud, covering everything from Level 1 to Level 6. Level 1 This level is *buckets* of fun. See if you can find the first sub-domain. Instructions Clue: Based on initial observations, it is highly likely that the website is hosted on Amazon S3. To proceed, we should focus…