Understanding NTLM Authentication and NTLM Relay Attacks
In an office environment, user workstations generally use Windows operating systems and therefore authenticate using protocols developed by Microsoft....
08.07 Infra & Network

Exploring LLM Vulnerabilities and Security Best Practices
You’ve probably heard about the arrival of LLMs in a big way, at least with ChatGPT. LLM (Large Language Model) refers to language processing mo...
13.05 Applications

GraphQL API Vulnerabilities, Common Attacks and Security Tips
Developed in 2012 and made open source in 2015 by Facebook, GraphQL (Graph Query Language) has been under the umbrella of the GraphQL Foundation since...
13.05 Applications

Identification and Authentication Failures: OWASP Top 10 #7
Authentication and, by extension, user identification are central to web applications. These two mechanisms are used to manage rights and access (for ...
15.04 Applications

Modifying Java Serialized Objects as Easily as JSON
Often, when we hear about Java serialization, we find resources or challenges that only talk about generating and executing ysoserial payloads. In som...
11.04 Applications

What is a DoS Attack? Types, Exploitations and Security Tips
In the space of 5 years, the number of Denial of Service (DoS) attacks has almost doubled. The result is the paralysis of tens of millions of web plat...
11.04 Applications

Black Box Penetration Testing: Objective, Methodology and Use Cases
During a penetration test, we generally consider 3 test conditions: black, grey or white box. These test conditions correspond to the levels of inform...
11.03 Applications

White Box Penetration Testing: Objectives, Methodology and Use Cases
When pentesting a web application, an API or an internal network, there are generally 3 approaches: black box, grey box and white box testing. These a...
29.02 Applications

Antivirus and EDR Bypass Techniques
Antivirus, anti-malware and EDR are tools commonly used to prevent attacks. However, these solutions can be bypassed. In this article, we take a close...
23.02 Applications

Smishing (SMS Phishing): How to Identify Attacks and Protect Yourself?
What is Smishing? You will no doubt be familiar with phishing, which consists of sending malicious emails to encourage people to perform sensitive act...
05.02 Phishing & Social Engineering

Penetration Testing: Methodology, Scope and Types of Pentests
With cybersecurity risks on the rise, it is becoming more and more obvious to carry out a penetration test (pentest) to reassure customers, partners a...
05.02 Applications