FireEye & SolarWinds incidents: What happened?
A report that FireEye had been breached by nation-state hackers made the headlines. Shortly after, CISA issued an emergency directive about SolarWind'…
Category: App & Data Security
Content and resources related to Application and Data Security.
Building a Python data exfiltration tool
This tutorial explains how I created a hard drive crawler and extraction tool. This Python data exfiltration tool uses regex for matching desired data patterns…
What is Cross-Site Scripting (XSS)?
According to both OWASP and CWE, Cross-Site Scripting is one of the top 10 most dangerous web application security risks, and for good reason: OWASP’s…
Python For Beginners – FREE Resources!
This post is for those of you looking for resources about “Python for beginners” and “learning Python for free”! I talk to a lot of…
Get Started Using SQLMap for SQL Injection Pentesting
SQLMap is a popular open-source penetration testing tool used to detect and exploit SQL injection vulnerabilities. In prior posts, we looked at general concepts of…
4 steps to getting started securing applications
A lot of times, especially when you join smaller organizations, there are no (or very few) formal processes in place. The approach taken to secure…
Uploading Backdoor Shells with Weevely and Commix
Now that we’ve reviewed OS Command injection concepts like how they work, the impact they can have, and techniques that can be used to exploit…
OS Command Injections: How they work, and example techniques
When I first heard the term OS Command injections, or “Shell injection” as some people refer to it, I don’t know why but I assumed…
Cybr Lesson #1: Mistakes Made & Lessons Learned the EASY Way!
I love quotes! I mean… really love them. In just one or two lines I can get or give the inspiration or motivation I need…
How I made an advanced Python Keylogger that sends emails
I made a Python keylogger that sends emails containing recorded data from the target machine, and this post explains how it works! This program is…