Request forgeries (CSRF, XSRF, SSRF)
In 2020, CheckPoint Research announced multiple vulnerabilities in the popular social media application named TikTok. One of the found vulnerabilities allowed an attacker to delete…
Category: Ethical Hacking
Ethical Hacking Courses
Intro to AWS Pentesting (with Pacu)
In this article, you’re going to learn how to hack AWS cloud environments so that you can find exploitable vulnerabilities in your own AWS accounts…
Exercise types (red/blue/white/purple teams)
We’ve talked about how we can use vulnerability scans, penetration tests, and bug bounties to find vulnerabilities in our systems. Another approach you may have…
What are SQL Injections? // Explained in 180 seconds
Whenever you visit a website or use some kind of application, that website or app needs to pull data from a database. For example, let’s…
Important pentesting concepts for the Security+
You’ve been running vulnerability scans on a regular basis, you’ve expanded that into a broader vulnerability assessment approach, and you’ve been fixing everything that’s been…
Useful IP widget for CTFs
Who can’t use more convenience? If you’re familiar with VPN profiles when it comes to CTF programs like THM and HTB, I’m sure you’ve forgotten…
How a pentester struggled with bug bounties until this new mindset helped him breakthrough
"It was a long, arduous, journey to finding my first bug." Then one day, Hakluke attended a talk by @shubs that changed his mindset about how to appro…
What you need before submitting a bug bounty report
I’m writing this because I’ve been seeing people struggle to understand when they’re ready to submit a bug report. Maybe they find something interesting as…
How to fix ‘does not contain valid cloaked content ‘ in sqlmap
While working through my Practical Guide to sqlmap for SQL Injections course, I ran into an issue with sqlmap’s included shellcodeexec. There was an error…
New course: The Practical Guide to sqlmap for SQL Injection
Ever since launching our Injection Attacks: The Free Guide course, we’ve received numerous requests to continue building SQL injection-related content, including how to use the…