Phishing Campaign: Objectives, Methodology, Spear and Mass Phishing Examples
Phishing remains one of the most formidable and widely used techniques in cyber attacks. Exploiting human weakness, this method consists of tricking v...
21.02 Phishing & Social Engineering

Content Security Policy Bypass Techniques and Security Best Practices
Content Security Policy (CSP) is an essential security measure for protecting web applications against certain types of attack. By defining strict rul...
12.02 Applications

What is Object Injection? Exploitations and Security Best Practices
Object injection is an application vulnerability that occurs when an application deserializes untrusted data. If an attacker manages to inject a malic...
07.02 Applications

What is Blind SQL Injection? Attack Types, Exploitations and Security Tips
Blind SQL Injections are a category of SQL injection. Unlike traditional SQL injections, they do not directly provide the results of queries or detail...
04.02 Applications

What is Kerberoasting? Attack and Security Tips Explained
Kerberoasting is a common attack in Active Directory environments. It is based on a weakness in the Kerberos protocol, but its exploitation requires s...
04.02 Infra & Network

How to Detect Secrets? Tools and Techniques
Before discussing techniques and tools, it is essential to define the ‘secrets’ sought during penetration tests. These secrets are generally private c...
13.01 Applications

XPath Injections: Exploitations and Security Tips
Although XML is an old language, it is still widely used, particularly in the banking sector. If you’re a pentester or a developer, you’re...
13.01 Applications

AWS Penetration Testing: Objectives, Methodology and Use Cases
AWS is a prime target for attackers. Its growing popularity and strategic role make it an attractive service. To limit the risks, it is crucial to put...
07.01 Cloud

What is Buffer Overflow? Attacks, Types and Security Tips
Buffer overflow is one of the oldest and most exploited vulnerabilities. Despite this long history, it remains a major threat today. Whether on serve...
06.01 Applications

Active Directory Pentesting: Objective, Methodology, Black Box and Grey Box Tests
Active Directory (AD) is at the heart of many organisations’ IT infrastructure. It manages authentication, authorisation and access to critical ...
02.01 Infra & Network