This is part 1 of a multi-part series exploring the intersection of artificial intelligence and cybersecurity. As AI systems become increasingly powerful and deeply integrated
Category: General security
WinRAR RCE Vulnerability Spotlight: APT29’s Zero-Day Tactics
In early September 2023, APT29, a group affiliated with Russia’s SVR, targeted multiple embassy offices using a WinRAR vulnerability. Their cyberespionage aims hinted at geopolitical motives. Exploiting CVE-2023-38831, the attackers executed a phishing campaign using a deceitful PDF, demonstrating the critical role of cybersecurity awareness and regular software updates in preventing such attacks.
Trench Tales: The College Account Takeover That Never Happened
A story of mass-discovery of LDAP Anonymous Binding leading to the account takeover of all members of a college. Explore the methodology, the challenges and the discoveries of this research project.
Practical Network Penetration Tester (PNPT): Real-life Penetration Testing exam – Tips & Tricks to pass the exam
The PNPT certification exam is a one-of-a-kind ethical hacking certification exam that assesses the ability to perform an external and internal network penetration test at a professional level.
Protecting Windows Credentials against Network Attacks
Over the years I’ve seen a lot of misconfigurations or a lack of configurations when it comes to protecting Windows credentials, hashes or Kerberos tickets.
Practical GraphQL attack vectors
On a recent engagement, we found an instance of GraphQL on a server and I noticed that there are not many articles describing the different