Adaptability and Perseverance – Breaking Down the 2023 CrowdStrike Global Threat Report
Here are our key takeaways from CrowdStrike's 2023 Global Threat Report. Discover the latest threat trends and explore recommendations for staying ahead of threats.
Posted on May 23 / 2023
Hacker's Perspective: A Modern Approach to Cross-Site Request Forgery
Learn how to locate and exploit Cross-Site Request Forgery (CSRF) vulnerabilities in modern web applications by understanding client-side and server-side code interactions, CSRF tokens, and SameSite cookie policies.
Posted on May 10 / 2023
Hacker’s Perspective: Securing JSON Web Tokens
If you are a modern-day developer, you’re probably plenty familiar with JSON Web Tokens (JWT’s). They perform their job efficiently when correctly implemented. Unfortunately, they can also be vulnerable to malicious threat actors.
Posted on Nov 28 / 2022
DEF CON 30 in Review: How the Echelon Team Won a Black Badge, and a Black Badge Breakdown
Buckle up for the story of how the Echelon team won the coveted DEF CON Black Badge, and dive deep into Ross Flynn's detail breaking down the Black Badge.
Posted on Sep 13 / 2022
Hacker’s Perspective: Web App Vulnerabilities - An In-Depth Look at Attacking File Uploads
File uploads are ubiquitous, making them a prime target for attackers. Here's how ethical hackers test your resilience against these kinds of attacks.
Posted on May 25 / 2022
Hacker’s Perspective: Web App Vulnerabilities - Algolia API Keys
Are you exposing your company's internal data? Algolia APIs are extremely useful for efficient access to stored data, but the keys used to access them are easily misconfigured and can give attackers access to allow an attacker to launch a site-wide attack.
Posted on May 16 / 2022
Right in your Lapsus$ – How Attackers are Playing a Different Game
Many cutting-edge security programs base their defenses on sophisticated, nation-state level threat actors. How, then, have so many of them gotten hacked recently by a new and less-sophisticated group, Lapsus$?
Posted on Apr 19 / 2022
eLearnSecurity’s Web Application Penetration Tester eXtreme: Overview and How to Prepare for the Exam
The eWPTX is an expert-level certification covering advanced web application exploitation and analysis. Here’s one cybersecurity consultant’s experience and tips on how to prepare.
Posted on Mar 17 / 2022
How Safe is it to Scan a QR Code?
QR codes are clever (just ask Coinbase), but they can be security nightmares. Here’s what our CEO, Dan Desko, had to say when he was interviewed about this year’s Super Bowl ad.
Posted on Feb 15 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Hacking GraphQL
GraphQL is a commonly used query language for manipulating APIs. Properly secured, it is a useful tool for web application development. Configured improperly, it can have devastating results.
Posted on Jan 31 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Password Reset Feature
Password Reset features can be dangerous and must be implemented securely. Otherwise, user accounts can be compromised.
Posted on Jan 24 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Detailed Error Messages
Detailed error messages may seem unimportant, but they can be very valuable for attackers. Here's more on why they are important and how you can fix this web app vulnerability.
Posted on Jan 18 / 2022
Hacker’s Perspective: Web App Vulnerabilities – Invite Feature
Hidden dangers within your web app’s ‘invite’ feature, why it matters, and how you can fix it.
Posted on Jan 13 / 2022
A Hacker’s Perspective: How to Create a Strong Password (Hint, Length Matters!)
From a hacker’s perspective, the essence of password security boils down to two things: how guessable is it and how easy is it to crack encrypted passwords. Here are our tips for creating stronger passwords.
Posted on Aug 24 / 2021
A Hacker’s Perspective: Top Three Ways to Mitigate Modern Phishing Techniques
More people fell victim to phishing than any other form of internet crime in 2020, and this trend is likely to continue. But phishing is not just prevalent - it is evolving. Here are three mitigation strategies for modern phishing techniques, from the perspective of a hacker.
Posted on Aug 04 / 2021