Blog

Unveiling SSL/TLS Vulnerabilities: A Red Teamer’s Guide To Exploiting Weaknesses With SSLScan And TestSSL

November 23, 2023November 27, 2023

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that ensure secure communication over the internet. They provide data encryption, authentication, and integrity verification to protect sensitive information transmitted between a user’s web browser and a website, or between servers. This security is crucial for… Read More »Unveiling SSL/TLS Vulnerabilities: A Red Teamer’s Guide To Exploiting Weaknesses With SSLScan And TestSSL

NoSQL, means “not only SQL,” refers to a broad category of database technologies that are intended to manage huge volumes of unstructured and semi-structured data.

Detecting NoSQL Injection

November 22, 2023January 10, 2024

SQL Injection is an evergreen vulnerability being discovered on a regular basis in enterprise products and open source libraries as shown by the below chart. Apart from SQL Injection, there are multiple types of injection vulnerabilities such as Command Injection, Nosql injection, OS injection, HTML injection etc. Over the past… Read More »Detecting NoSQL Injection

Critical CVEs And Active Threats This Week (November 13th – 17th)

November 20, 2023January 10, 2024

This week from November 13 to November 17, Firecompass research identified a huge number of CVEs that are high in severity and ransomware, botnets, and threat actors creating havoc. Some of the CVEs identified are of popular commercial products used by variants of industries and somenew & well known malwares… Read More »Critical CVEs And Active Threats This Week (November 13th – 17th)

How Do Attackers Utilize .git For Fun And Profit?

November 17, 2023January 10, 2024

Security teams are busy fixing CVEs, SQLi, and other critical vulnerabilities. However, exposing .git can potentially leak credentials, source code and other sensitive information. In this blog, we will uncover the dangers of hidden exposed .git, and how to identify and mitigate the relevant risk. Introduction In the realm of… Read More »How Do Attackers Utilize .git For Fun And Profit?

Critical CVEs And Active Threats This Week (November 6-10, 2023)

November 13, 2023February 22, 2024

This week from November 6 to November 10, FireCompass research identified a huge number of CVEs that are high in severity and ransomware, botnets, and threat actors creating havoc. Some of the CVEs identified are of popular commercial products used by variants of industries and some new & well known… Read More »Critical CVEs And Active Threats This Week (November 6-10, 2023)

« Previous
1
…
6
7
8
9
10
…
41
Next »