Cyber Security
Cybersecurity is protecting digital information, devices, and networks from unauthorized users.
-
Mar 24, 2022, 2:20 AM UTC 139 Views 0 Likes 0 Comments
Meet a jr dev, hacker, and sr engineer on their quest to make a secure Python web app!
-
Mar 28, 2022, 3:29 AM UTC 1117 Views 1 Likes 1 Comments
Using a simple flask hello world app to show how a hapless dev can easily introduce a vulnerability. We then exploit the vuln and fix it :)
-
Mar 28, 2022, 8:31 PM UTC 104 Views 0 Likes 0 Comments
Installing and running a Flask app on Ubuntu to follow along with my other videos. GitHub repo for this series: https://github.com/JesusAlexV/Python-Sec-Cast
-
Apr 4, 2022, 2:54 AM UTC 118 Views 0 Likes 0 Comments
GET and POST are more than just semantics. For security engineers, choosing one or the other has real safety consequences. https://cwe.mitre.org/data/definitions/598.html
-
Apr 4, 2022, 8:28 PM UTC 433 Views 1 Likes 0 Comments
Remember in 2006 when the coolest hack imaginable was putting the words "YOU'VE BEEN HAXXORED" on your favorite forum? Well, we're taking a trip to the past to explore one common way that web page defacement is accomplished: CSS injection.
-
Hacker's Guide to ⭐Dorking⭐
@jesusvilla 6029 Views
Apr 10, 2022, 5:06 AM UTC 114 Views 0 Likes 1 Comments
Dorking is a common technique used by hackers to gain access to random machines. GitHub says case sensitive code search coming soon: https://github.com/github/feedback/discussions/9759 Finding good dorks: https://github.com/techgaun/github-dorks#list-of-dorks
-
Apr 20, 2022, 2:33 AM UTC 140 Views 0 Likes 0 Comments
What if you want to rely on user-supplied input to run a command on your system? In this cast, we'll see how a naive developer introduces a vulnerability by combining Python with system commands, and how to fix it. Let's go!
-
Apr 20, 2022, 3:57 AM UTC 120 Views 0 Likes 1 Comments
When you type `python` in the terminal on macOS, you may not get what you expect.
-
Stored XSS using SVG
@jesusvilla 6029 Views
Apr 20, 2022, 4:32 AM UTC 268 Views 1 Likes 1 Comments
SVG is a popular image format. But many users don't know that it can run arbitrary JS code in the browser.
-
May 6, 2022, 2:54 AM UTC 138 Views 0 Likes 0 Comments
From the halcyon days of Anonymous hacktivism to today's blackmailers taking down services for ransom, DoS is a perennial weapon in the blackhat arsenal.
-
May 6, 2022, 5:27 PM UTC 404 Views 0 Likes 0 Comments
Sometimes, we can trick the server into making requests for us. This can be exploited to access sensitive internal data.
-
May 9, 2022, 1:12 AM UTC 197 Views 0 Likes 0 Comments
Let's say you log into a site and load your messages. You notice the messages each have an ID number. What if you could put in a different ID number, and access someone else's messages?