How to

Footprinting Firewalls

Footprinting Firewalls | Reconnaissance Tutorial [FREE COURSE CONTENT]

Just your average information security researcher from Delaware US.

In this video, you will learn how to footprint firewalls on a target. This lesson comes from Module 1, so just the start of our adventure – if you want to learn more, join the full course! Full course: hakin9 …

Brute-Forcing Two-Factor Authentication | Exploiting Authentication and Access Control Mechanisms with Burp Suite [FREE COURSE CONTENT]

In this video tutorial, you will see how to bypass multi-factor authentication with brute-force attacks. It is a part of an online course ‘Exploiting Authentication and Access Control Mechanisms with Burp Suite’ by Christian Barral López. Start now! Full course: hakin9 …

malware

How to Run Threat Intelligence Analysis and Malware Research (Without Spending a Dime)

In this post, I will walk you step-by-step through techniques that will enable you to run threat intelligence analysis and research malware without spending a dime. Chapter Zero – Triggering My Inner Threat Intelligence Analyst and Malware Researcher Ego. I recently saw a blog post by Trend Micro in the Curated Intelligence Discord group. The blog post describes a rather interesting ransomware …

CCTV

Yes, Your Home Security Cameras Can Be Hacked

But there are ways to prevent it from happening. Here’s how. Installing an internet-connected security camera in your house won’t necessarily bring a wave of hackers to your Wi-Fi network — but it also has happened before. For example, in 2020, an ADT home security customer noticed an unfamiliar email address connected to her home security account, a professionally monitored system …

How to request a CVE

How to request a CVE: From vulnerability discovery to disclosure

Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK.

I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated...

I've assisted Governments, Individuals and Organizations throughout the world, including US DOJ, NHS UK, GOV UK.

I'll often reblog infosec-related articles that I find interesting. On the RiSec website, you'll also find a variety of write-ups, tutorials and much more!
RiSec.n0tst3

What is a CVE? A CVE, meaning Common Vulnerabilities and Exposures, is a publicly reported vulnerability in software products. Vulnerabilities are assigned CVE IDs to ensure clarity when discussing vulnerabilities in software products. Otherwise, it can be difficult to correlate reports of a single vulnerability since different organizations will assign them different names, and the …

phishing

Types of Phishing Attacks & How to Identify Them: The Definitive Guide

Every data breach begins with a phishing attack. To prevent your organization from becoming the next victim, you need to understand the different types of phishing attacks and how to identify them. Phishing is a type of cyberattack that uses fraudulent emails or websites to trick victims into sharing sensitive information, such as login credentials or financial …

cve-2022-38970

ieGeek Security Vulnerabilities still prevalent in 2022 IG20

Amazon’s “highly rated”, “recommended” ieGeek brand continues to present a number of security vulnerabilities. ieGeek Security Vulnerabilities On the 19th of Aug 2022 I set out to purchase a CCTV Camera from Amazon. I read over the reviews of the ieGeek IG20, and it seemed great, the value too. For just £29.99 I’d get myself …

Windows

Windows 11 Account lockout policy is enabled by default to block brute force attacks

Starting with Windows 11 Insider Preview build 22528.1000 the OS supports an account lockout policy enabled by default to block brute force attacks. The lockout policy was set to limit the number of failed sign-in attempts to 10, for 10 minutes. “Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other …

preventing cross-site scripting

Preventing Cross-site Scripting (XSS) Web Security

Cross-site scripting is one of the most common and popular web attacks. XSS is a client-side command injection; it can result in any action that can be performed by the user. XSS is mostly used for session hijacking, where the attacker uses JavaScript to make the victim transmit session cookies to an attacker-controlled …

XSS Prevention Cheat Sheet

XSS Prevention Cheat Sheet Cross-Site Scripting -Extended

What is XSS? Cross-Site Scripting, XSS for short, refers to the penetration of website security. A simple XSS vulnerability can act as a sitewide logger. To be honest, it does more damage to the user browsing the site than to the web server itself. So yes, it is quite dangerous. Some people may confuse XSS with …
