TRACKFLAW

🕵️ How to choose the right penetration testing provider in 2024? Is an penetration test useful? The answer is yes! Penetration testing is an essential step in IT security. They help identify vulnerabilities in an IT system and correct them before they are exploited by malicious attackers. Choosing a penetration testing provider is an important decision. It’s important to select a reliable and competent provider, capable of delivering quality results.

💉 Reverse tab nabbing, phishing on steroids. Are you familiar with reverse tab nabbing? 🐟 Reverse tab nabbing is a phishing attack technique that involves redirecting a tab’s original page to a malicious one. This technique is particularly vicious as it can trick users into thinking they’re still on the legitimate site they originally visited. An example To help you understand this attack, here’s a realistic scenario. 1️⃣ A victim browses a vulnerable site and clicks on a teaser link pointing to https://legit-store.

🧟 Cisco CVE-2023-20198 - Or how to create your own botnet? Introduction On October 16, 2023, Cisco disclosed a critical privilege elevation vulnerability via the web interface under the identifier CVE-2023-20198 with a CVSS score of 10. Cisco claims that the vulnerability is widely exploited. The vulnerability allows an unauthenticated attacker to create an account with maximum privileges. There is no patch for this vulnerability at the moment.

📂 How to bypass file upload filter with .htaccess Introduction A file upload vulnerability is a security flaw that allows an attacker to drop a malicious file onto a target system. This malicious file can then be used to execute arbitrary code, steal data or cause other damage.

Outlook suffers from a lack of control over the user input that allows to configure the sound of a meeting and appointment reminder. Indeed, an attacker is able to force a victim to make a connection to its server without any manipulation from the user (zero click vulnerability). An attacker exploiting this vulnerability retrieves a NetNTLMv2 digest based on the password of the trapped user through an SMB request. The request is triggered as soon as the mail arrives in the inbox.