TRACKFLAW

This article details and explains to the reader the different approaches to a penetration test and how to make the right choice.

This article details how GitLab is vulnerable to the CVE-2023-7028 flaw and why it should not be publicly exposed.

Dive into the world of penetration testing with Trackflaw. Find out how to choose the right provider in 2024 with our expert advice. We highlight the importance of criteria such as experience, skills, certifications and methodology. Trackflaw stands out for its expertise, rigorous approach and strict confidentiality policy. Take advantage of our quality services and competitive rates to secure your IT system. Choose reliability and efficiency with Trackflaw.

OwnCloud is an open-source software providing a platform for online file storage, sharing services, and various applications. It is presented as an alternative to Dropbox, which is based on a public cloud. However, like all software, it suffers from vulnerabilities.

Dive into the depths of 'reverse tab nabbing,' an incredibly effective phishing technique. Discover how hackers cleverly exploit your browser tabs to redirect you to malicious sites while making you believe you are safely browsing familiar sites. Through a realistic scenario, we show you step-by-step how this attack unfolds and highlight the exploitable vulnerabilities. Learn essential measures to protect yourself, such as avoiding the use of the target=_blank attribute or incorporating rel=noopener noreferrer. This article is a must-read for strengthening your cybersecurity and thwarting modern phishing traps.

In the article 'Cisco CVE-2023-20198 - Creating a Botnet Network,' published on October 20, 2023, Trackflaw explores a critical privilege escalation flaw in Cisco IOS-XE. Rated 10 on the CVSS scale, this vulnerability allows an unauthenticated attacker to create an account with the highest privileges. Trackflaw details the exploitation steps, from creating an administrator account to installing an implant, restarting the service, and clearing traces. The author also discusses how to locate vulnerable hosts and the protective measures recommended by Cisco in the absence of a patch. The article includes reliable references and an animation summarizing the exploitation.

Discover how to bypass file upload mechanisms by exploiting a file upload vulnerability. I guide you through the sophisticated techniques used to upload a malicious file to a target system, illustrated with the example of the l33t-hoster challenge from the Insomni'hack Teaser 2019 CTF. Learn how to create a polyglot file and bypass anti-PHP protection, while understanding the necessary security measures to counter such attacks. An essential article for cybersecurity enthusiasts looking to deepen their knowledge of file upload security.

Dive into the depths of 'reverse tab nabbing,' an incredibly effective phishing technique. Discover how hackers cleverly exploit your browser tabs to redirect you to malicious sites while making you believe you are safely browsing familiar sites. Through a realistic scenario, we show you step-by-step how this attack unfolds and highlight the exploitable vulnerabilities. Learn essential measures to protect yourself, such as avoiding the use of the target=_blank attribute or incorporating rel=noopener noreferrer. This article is a must-read for strengthening your cybersecurity and thwarting modern phishing traps.