For some reason, Cross-Site Request Forgery has been a vulnerability I have had a hard time getting a full understanding of, so I thought it would make a good topic for one of these posts. Before we can get into examples, though, let's talk about what Cross-Site Request Forgery (CSRF) is. OWASP defines it as "an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated." They go into more detail, but let's pull that apart first. CSRF is all about having something happen within the context of a targeted…
A look at a few possible misconfigurations in Docker which allow you to execute commands on the host.…
A quick look at a neat feature of Cobalt Strike: the system profiler.…
Quick and easy "Red Team" testing.…
Koadic is a COM Command & Control tool used for Windows post-exploitation.…
An overview of MITRE's ATT&CK framework.…
A look at the various directories and subdirectories found on Linux.…
My thoughts on eLearnSecurity's Web App Penetration Testing course.…