How to Get Started with Secure Code Review
Since starting my secure code review challenges in December 2023 (https://github.com/dub-flow/secure-code-review-challenges), many people…
Mar 6

Session Token Security: Local Storage vs. Cookies
One of the discussions that keeps coming up among cybersecurity professionals is where to store your session tokens for the most security…
Sep 3, 2024

Hacking Moodle Apps Via External Functions
So say you’re trying to hack an app that uses Moodle. You start by googling something like “hacking moodle” or “moodle common…
Jul 24, 2024

Hacking Large Language Models — A Case Study
In this article, I will show how I was able to “jailbreak” a language model and make it drop its “no I won’t do this” attitude entirely…
Jul 16, 2024

Subdomain Takeover: What is It? How to Exploit? How to Find Them?
In this article, we shed light on Subdomain Takeovers and discuss 3 things:
May 15, 2024

How Secure is Java’s SecureProcessing?
If you’ve ever worked with secure XML parsing in Java (to prevent XXE Injections), you probably have come across an XML parser flag named…
Mar 16, 2024

Found a Vulnerability? 3 Easy Steps to Submitting a CVE!
In my recent post, I talked about the methodology that I used to find most of my 25 CVEs (you can find this article here…
Feb 26, 2024

The Easiest Way to Find CVEs at the Moment? GitHub Dorks!
In this article, I will demonstrate how I used GitHub dorks to find 24 vulnerabilities in popular open-source projects in just a few weeks…
Feb 8, 2024

How I Became an Ethical Hacker
People often ask me how they can break into the field of cybersecurity (and, particularly, ethical hacking). I understand times are tough…
Dec 10, 2023

Predicting a “Random” Number
Have you ever looked at a code snippet that creates, for example, a password reset token or something, uses a non-cryptographically secure…
Nov 28, 2023