Collaborate Disseminate
WhatSender sends Bulk Whatsapp Messages directly from PC using whatsapp web.
How it works
Can this tool actually access messages and images from other chats?
Continue reading What are the security risks of using WhatSender tool?
I ssh to my AWS instances via WinSCP and it has public-private key authentication, password authentication is disabled. All the sessions are saved on WinSCP, so I click on the IP of the machine and I get logged straight in wi… Continue reading How secure is using Saving Session Feature on WinSCP?
I have to do a social engineering test for a friend’s small company. He wants to know how many people opened the mail and then opened the attachment. How can I do that? The file can be anything- pdf,excel or doc. We do not wa… Continue reading How to get the statistics of users opening the attachment in a phishing mail during a social engineering campaign test?
I am trying to find the reason that a certain webpage is not getting iframed even when X-Frame-Options header is absent.
Observation:
When I write an HTML with iframe tag pointing to the URL and save this file locally and ope… Continue reading X-Frame-Options Absent but cant load the page in iframe
Consider these two cases:
1) Impact on Confidentiality as High
2) Impact on Confidentiality as Low
Please note all other parameters are unchanged and environmental parameters are set as High.
Now, the score for Case 1 is 9.0… Continue reading Why does the CVSS3 score increase when the confidentiality impact decreases?
The users of the application will be the company employees who will access it over the company network and outside too. A penetration test needs to be done on the staging environment which will be done by a different team ins… Continue reading Risks involved in deploying staging environment externally
I came across this payload named “Shikata Ga Nai” (in Japanese it means nothing can be done about it). Some exe file was generated and when it is executed, a reverse shell can be obtained. But this can be done by many payload… Continue reading What is Shikata Ga Nai
Latest edition of OWASP Top 10 for web application was in 2013 and for mobile applications, it is 2016. Why is it so?
Can we say that the pattern in the web application vulnerabilities is settled? Will same thing happen to mo… Continue reading Why OWASP Top 10 (web application) hasn’t changed since 2013 but Mobile Top 10 is as recent as 2016?
I was reading this link on ASP.Net Authentication and Authorization and these 5 steps were there explaining NTLM authentication.
Client sends the username and password to the server.
Server sends a challenge.
Client responds to the … Continue reading Understanding NTLM Authentication Step by Step
Which tool should I use to check which NTLM authentication is used? Consider the fact that I am a user of the web application and not the owner.
Are there any security concerns if a site uses NTLM authentication comparing to form-based au… Continue reading How to check whether NTLM v2 or v1 is used for authentication?