How to Get Started with Secure Code Review
Since starting my secure code review challenges in December 2023 (https://github.com/dub-flow/secure-code-review-challenges), many people…
Mar 6

Session Token Security: Local Storage vs. Cookies
One of the discussions that keep coming up among cybersecurity professionals is where to store your session tokens for the most security…
Sep 3, 2024

Hacking Moodle Apps Via External Functions
So say you’re trying to hack an app that uses Moodle. You start by googling something like “hacking moodle” or “moodle common…
Jul 24, 2024

Hacking Large Language Models — A Case Study
In this article, I will show how I was able to “jailbreak” a language model and make it drop its “no I won’t do this” attitude entirely…
Jul 16, 2024

Subdomain Takeover: What is It? How to Exploit? How to Find Them?
In this article, we shed light on Subdomain Takeovers and discuss 3 things:
May 15, 2024

How Secure is Java’s SecureProcessing?
If you’ve ever worked with secure XML parsing in Java (to prevent XXE Injections), you probably have come across an XML parser flag named…
Mar 16, 2024

Found a Vulnerability? 3 Easy Steps to Submitting a CVE!
In my recent post, I talked about the methodology that I used to find most of my 25 CVEs (you can find this article here…
Feb 26, 2024

The Easiest Way to Find CVEs at the Moment? GitHub Dorks!
In this article, I will demonstrate how I used GitHub dorks to find 24 vulnerabilities in popular open-source projects in just a few weeks…
Feb 8, 2024

How I Became an Ethical Hacker
People often ask me how they can break into the field of cybersecurity (and, particularly, ethical hacking). I understand times are tough…
Dec 10, 2023

Predicting a “Random” Number
Have you ever looked at a code snippet that creates for example a password reset token or something, uses a non-cryptographically secure…
Nov 28, 2023