Link-Local Multicast Name Resolution (LLMNR), a seemingly important protocol in Windows environments, can be a silent accomplice for cyber adversaries seeking to exploit network vulnerabilities. Let us understand the technical intricacies of LLMNR and unravel how it can be exploited for reconnaissance purposes, examining each step from a Red Teamer’s perspective. Understanding LLMNR LLMNR is… Read More »Attack & Defend LLMNR: A Widespread Shadow Network Discovery Protocol
Followings are the interesting blogs from Endpoint Security domain:
To Know more about Endpoint Security Products & Services,
SQL Injection is an evergreen vulnerability being discovered on a regular basis in enterprise products and open source libraries as shown by the below chart. Apart from SQL Injection, there are multiple types of injection vulnerabilities such as Command Injection, Nosql injection, OS injection, HTML injection etc. Over the past 10 years, NoSQL databases have… Read More »Detecting NoSQL Injection
Security teams are busy fixing CVEs, SQLi, and other critical vulnerabilities. However, exposing .git can potentially leak credentials, source code and other sensitive information. In this blog, we will uncover the dangers of hidden exposed .git, and how to identify and mitigate the relevant risk. Introduction In the realm of software development, Git stands as… Read More »How Do Attackers Utilize .git For Fun And Profit?
In the realm of contemporary of Modern web applications, the prevalent architectural framework of choice often takes the form of microservices architecture. In this context, what appears to be a unified front-end application is essentially an amalgamation of numerous small, distinct micro-services on the back end, interconnected through a reverse proxy mechanism. Consider, for instance,… Read More »Attacking Modern Web Applications