Security Awareness for all users

Category Masterclass

Learning Series: Command Injection Attack

What is Command Injection Attack? It’s an attack in which the bad guys’ objective is to obtain the execution of arbitrary commands on a vulnerable application. Normally, the vulnerability is exposed when the application has sent… Continue Reading →

Learning Series: Docker Escape Method

What is Docker Escape Method? First, we need to understand the importance of Docker escape, also called container escape, which concerns infrastructure that is used for virtual or day-to-day operations by all enterprises. The case of cybersecurity incidents is… Continue Reading →

Learning Series: XML External Entity Injection Attack

What is XML external entity injection? XML external entity injection is a security vulnerability that normally allows a bad guy to interfere with the application’s processing of XML data. A bad guy will be able to view files on the application… Continue Reading →

Learning Series: How to detect vulnerabilities in the application

In this post, I would like to share my experience on how to detect some vulnerabilities within the application itself. A lot of people have asked me how I manage to detect any vulnerabilities with no information (blindly) at all… Continue Reading →

Learning Series: Server-side request forgery (SSRF) Attack

What is SSRF? For those who are not familiar with Server-side request forgery, also known as SSRF, it’s a vulnerability residing in web applications that allows threat actors to make a request to an unintended location. The… Continue Reading →

Learning Series: Cloud Penetration Testing (AWS)

In this post, I would like to share some knowledge on Cloud Penetration Testing for learning purposes. What is Cloud Penetration Testing? There are several kinds of Penetration Testing that have been executed within the organization and one of them is Cloud… Continue Reading →

Learning Series: API Penetration Testing

What is API Penetration Testing? For those who are not familiar with API Penetration Testing, it’s a test activity that involves all the processes of vulnerability assessment and ensures that the client is implementing very solid endpoints for their APIs… Continue Reading →

Learning Series: Play around with Kerberos using the Impacket script

A little bit of explanation on Kerberos and Impacket. In this post, I would like to share my knowledge and skills about Kerberos, for which we will take advantage of the Impacket script. For those who are not familiar with Kerberos,… Continue Reading →

Learning Series: IDOR Vulnerability explained

In this post, I would like to share some information on the Insecure Direct Object Reference (IDOR) vulnerability. What is IDOR Vulnerability? For those who are not familiar with IDOR vulnerability, it’s a type of access control vulnerability that… Continue Reading →

Learning Series: SQL Injection attack method

In this post, I would like to share some knowledge about SQL Injection which can be useful during Penetration Testing activity. Before we go deeper into it, I will try to explain what SQL Injection is for those who are… Continue Reading →

© 2024 — Powered by Threatninja