The internet is a dangerous place, full of vulnerabilities attackers leverage to malicious ends. One of the more common vulnerabilities that websites face is cross-site scripting (XSS) attacks. XSS attacks can have serious consequences, ranging from stealing sensitive information to defacing websites. Without wasting any time, let's jump into what XSS is, how it works, and how to mitigate it on your websites.
Brooklyn Nine Nine is an easy, beginner-friendly capture the flag exercise on TryHackMe. It features two different routes to gain both the initial foothold and the root flag. These avenues include weak passwords, poor FTP configuration, cleverly hidden credentials, and misconfigured sudo permissions.
Wgel CTF is an easy, beginner-friendly capture the flag exercise on TryHackMe. It features bad code commenting practices, a publicly available SSH key, and poorly configured sudo permissions which lead to exfiltration of data from the target server.
In cybersecurity, there is a buzzword I've seen some confusion about online recently. It's called zero trust, and though it sounds like vague corporate-ese at first, it actually represents a necessary approach to digital security.
Cyber threats are constantly evolving, and IT professionals need to be prepared for the worst at all times. Zero trust is a valid part of defense in depth and the principle of least privilege within a network or series of networks. But what exactly does that mean?
In infosec, there is a seemingly never ending list of acronyms any cyber professional must be familiar with in order to work efficiently and effectively. One of those is a common vulnerability known as IDOR.
IDOR stands for Insecure Direct Object Reference, and it's a type of vulnerability that can have serious implications for the security of web applications if not properly addressed. But what is it exactly?
Bitwarden is one of the best password managers in the business. It's easy to use, open-source, secure, and cross-platform. Honestly, there are very few downsides to using Bitwarden.
And, as many of you may know, a password manager's best friend is a solid 2FA client. Though Bitwarden supports 2FA passwords from within the password manager as a premium feature, it's always been a better security practice to keep those two things separate.
Now, the team behind Bitwarden are helping up your security game by offering 2FA functionality in a separate app: Bitwarden Authenticator.
In the world of networking, two fundamental models serve as the backbone for communication protocols and standards: the OSI model and the TCP/IP model. Both models are quite similar, providing frameworks for how data is transmitted across networks at various stages of the process.
Understanding these models is crucial for anyone working in IT, cybersecurity, or any related tech field. But what exactly are they?
I am a huge fan of Flatpak applications on Linux. I like how they work. I like how easy they are to install. I like how you can control their permissions with such granularity. Etc.
Well now, I have yet another reason to love Flatpaks: easy installation reproducibility. Let me show you what I mean.
Simple CTF is an easy, beginner-friendly capture the flag exercise on TryHackMe. It features a vulnerable CMS, a weak user password, and misconfigured sudo user privileges that lead to root level access.
(Proton can now notify users when their information is found floating around the dark web.)
Proton's toolbox is ever expanding. From acquiring other companies like SimpleLogin or Standard Notes to building out features like Proton's Security Center, we have come to expect constant improvements from the Swiss-based company. Now, the aforementioned Security Center sees another update in the form up dark web monitoring.
Yesterday, the company announced a new feature that can notify users when Proton's system detects a breach affecting them and offers suggestions of how to mitigate risk. This retroactively includes breaches from up to two years ago and will include as many breaches as possible moving forward.