Application Security Secure Code Review (SCR) : A7 — Missing Function Level Access Control In the vast landscape of web application vulnerabilities, Missing Function Level Access Control stands out as a significant concern. It…
Application Security Secure Code Review (SCR) : A6 — Sensitive Data Exposure Sensitive Data Exposure is a critical security concern that occurs when an application does not adequately protect sensitive information…
Application Security Secure Code Review (SCR) : A5 — Security Misconfiguration Security misconfiguration is a prevalent issue that can occur at any level of an application stack, including the network, platform, web…
Application Security Secure Code Review (SCR) : A4 Insecure Direct Object Reference Insecure Direct Object References (IDOR) is a common security vulnerability that occurs when a developer exposes a reference to an…
Application Security Secure Code Review (SCR) : A3 Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) is one of the most prevalent, obstinate, and dangerous vulnerabilities in web applications. It allows attackers…
Application Security Secure Code Review (SCR) : A2 Broken Authentication and Session Management Secure Code Review: A2 Broken Authentication and Session Management
Application Security Secure Code Review (SCR) — Getting started This is going to be the first one in the series on code review. Here, we will talk about how to perform an efficient code review to find…
AI security Understanding the Scammer’s Mindset: A Deep Dive into Cyber Fraud Psychology In the ever-evolving digital world, cybercrimes, particularly scams, are on the rise. As a cybersecurity professional, I often grapple with…
Application Security Hacking into United Nations: How I Exposed a Leaky Google Maps API Key and Entered the Hall of Fame Introduction
cloud-devops Compliance as Code: Revolutionizing Regulatory Compliance with Automation With the rapid growth of technology and the increasing number of regulations, organizations need a more efficient approach to ensure their…
Red Teaming Red Teaming — AD (Kerberoasting) Kerberoasting may sound like a complicated cyberattack, but in reality, it is a straightforward technique that preys on human behavior and…
cloud-devops DevSecOps — Docker Security (with Syft and Grype) If you want to ensure the comprehensive security of your Docker images, Syft and Grype are two excellent tools that you can use. These…
Red Teaming Red Teaming — AD (Lateral movement with PSRemoting) Lateral movement is a term used in cybersecurity to describe the movement of an attacker within a network after gaining initial access. In…
Red Teaming Red Teaming — AD Enumeration (Domain, Objects & trust) Red teaming is a crucial aspect of cybersecurity that involves the simulation of real-world cyberattacks to identify vulnerabilities and…
Threat Detection Threat Hunting — (Threat Intelligence) Threat hunting is a proactive security technique that actively searches for potential threats and vulnerabilities within a network. This…
Digital Forensics Digital forensics and incident response — Introduction Despite the efforts of security teams worldwide, security breaches and incidents continue to occur. To avoid being caught off-guard, the…
cloud-devops AWS Security — Weekly Dose (Getting started) Amazon Web Services (AWS) is a cloud computing platform that provides a wide range of services to help organizations build, deploy, and…
cloud-devops CI/CD Security (Brief) Continuous Integration/Continuous Deployment (CI/CD) is a software development and deployment practice that has gained widespread adoption…