Process Injection Process injection is an advanced penetration testing technique used by experienced penetration testers to introduce malicious code into non-malicious processes, infiltrating stealthily without detection and response solutions. Also referred to as shellcode injection, process injection employs various mechanisms and methodologies in its quest. We will explore its theory as well as different forms...
Electronics can be a challenging world, especially when working with UARTs, which makes understanding its inner workings essential. Unlabelled UART pins can present both beginners and experts with challenges; this user-friendly guide will walk you through identifying Ground (GND), Power (VCC), Data Reception (RX), and Transmission (TX) pins with the aid of multimeter measurements and...
At the forefront of cybersecurity lies an ever-present battle between web defenders and attackers; one such battleground is file uploads – an integral component of many web applications that, if neglected properly, can become an entryway for cyber threats to enter. Uploading web shells without authorization stands out as one particularly risky tactic that allows...
In the early 1980s, Philips Semiconductors (now NXP Semiconductors) introduced the I2C (Inter-Integrated Circuit) protocol, revolutionizing inter-device communication in electronic devices. With just two wires, SDA and SCL, I2C has become a standard for efficient data exchange and control signal transmission. I2C, or Inter-Integrated Circuit, is a bus interface protocol designed for serial communication. It...
Subdomain enumeration is a critical process for researchers, security professionals, and enthusiasts delving into web architecture. By uncovering and mapping subdomains, we can gain invaluable insights, uncover digital footprints, and strengthen cyber defences. In this blog, we will outline all tools available for subdomain enumeration that can assist us in mapping this intricate tapestry of...
Rust is an efficient systems programming language designed by Mozilla that stands out for its exceptional efficiency, strong memory safety guarantees, high-performance capabilities, and strong concurrency support. Long viewed as an alternative to C and C++ languages such as PHP or Ruby, Rust has quickly found favour among developers. This blog will delve further into...
SWD stands as one of the lesser-noticed vulnerabilities of hardware security. Used for debugging and programming embedded systems, SWD allows developers to communicate directly with microcontrollers located on hardware devices – offering convenience during development but providing an attack surface that malicious actors could exploit. We will delve into its depths here in this article...
Since the first time I studied JWT, I found it one of the most intriguing topics to discuss about web application security, and there are good reasons for this. Introduced in 2010, JSON Web Tokens (JWTs) only started gaining mainstream traction after 2018, marking them as a relatively modern technological advancement. Because it is new,...
