Introduction Vulnerability chaining, also known as exploit chaining, is the process of combining multiple vulnerabilities to achieve a more significant or impactful attack by exploiting
Category: Web security
WinRAR RCE Vulnerability Spotlight: APT29’s Zero-Day Tactics
In early September 2023, APT29, a group affiliated with Russia’s SVR, targeted multiple embassy offices using a WinRAR vulnerability. Their cyberespionage aims hinted at geopolitical motives. Exploiting CVE-2023-38831, the attackers executed a phishing campaign using a deceitful PDF, demonstrating the critical role of cybersecurity awareness and regular software updates in preventing such attacks.
Trench Tales: The College Account Takeover That Never Happened
A story of mass-discovery of LDAP Anonymous Binding leading to the account takeover of all members of a college. Explore the methodology, the challenges and the discoveries of this research project.
Web Cache Deception attacks
Do you have vulnerabilities that you just love to exploit? I know I have a few and one of them is web cache deception. Is
How to get your first CVE
When doing a Penetration testing exercise against Web applications, you will always come across to up-to-date WordPress instances. No public CVEs and no publicly known exploits for WordPress Core and WordPress Plugins. And yet, is the website really secure?
Practical GraphQL attack vectors
On a recent engagement, we found an instance of GraphQL on a server and I noticed that there are not many articles describing the different
Security Café 