Showcase

Here are some samples of content that we have produced for our clients.

Guide to Picking an Attack Surface Management Solution | Trickest

Attack Surface Management is now a necessity for organizations large and small. The problem is, how do you pick the right solution? Read this article to find out.

Open redirect vulnerability | Tutorials & examples | Snyk Learn

Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.

Top 5 OSINT Sources for Threat Intelligence - SpiderFoot

In this post we explore the top 5 APIs (and a few more!) that provide useful OSINT for threat intelligence.

Using SpiderFoot for Offensive Reconnaissance: Part 2 - Validation - SpiderFoot

My name is Jude, I’m a Security Analyst working with a Security Operations Center (SOC) team based in Australia. Outside of the usual SOC tasks (alert management, detection use cases), I work on specialist engagements around analyzing and understanding the external attack surface of companies using OSINT investigation and Dark Web Monitoring. One of the […]

A Guide to DNS Takeovers: The Misunderstood Cousin of Subdomain Takeovers

Introduction. Let's start with this: A DNS takeover is not the same as a subdomain takeover. Subdomain takeovers are old news. Hackers who caught onto them early made busloads of bounties by automating their detection and exploitation. They're still out there, but competition is fierce. Crafty hackers built bots that detect […]

What is code injection? | Tutorial & examples | Snyk Learn

Learn how to protect your applications against malicious code injection in JavaScript by exploiting a vulnerable web app as part of this Snyk Learn lesson.

Advanced subdomain reconnaissance: How to enhance an ethical hacker’s EASM

Introducing ASNMap: A Golang CLI tool for speedy reconnaissance using ASN data

If you're into hacking, there's a good chance that at least one of ProjectDiscovery's tools has been added to your toolbox over the last couple of years. In all honesty, ProjectDiscovery's tools now make up the majority of my toolbox. For this reason, I get excited when they release something […]

Hacking Together an ASM Platform Using ProjectDiscovery Tools

Introduction. In this article, we’re going to walk through hacking together a simple attack surface monitoring platform by using ProjectDiscovery tools, bash, and flask. We will also be using MongoDB & Redis for scan data and scan queues. This tool was written for the pure purpose of this article, if […]

ReDoS | Tutorials & Examples | Snyk Learn

Learn what ReDoS is, why you should be aware of it, and how you can prevent and remediate the vulnerability in your organization.

What is SQL injection (SQLi)? | Tutorial & examples | Snyk Learn

Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.

What are logging vulnerabilities? | Tutorial & examples | Snyk Learn

Learn what a logging vulnerability is, including logging too much or logging too little, and how to protect your organization.

How to Hack APIs in 2021

Top 5 OSINT Sources for Attack Surface Management - SpiderFoot

In this post we explore the top 5 APIs (and a few more!) that provide useful OSINT for attack surface management.

Using SpiderFoot to Investigate a Public Bug Bounty Program - SpiderFoot

My name is Jude, I’m a Security Analyst working with a Security Operations Center (SOC) team based in Australia. Outside of the usual SOC tasks (alert management, detection use cases), I work on specialist engagements around analyzing and understanding the external attack surface of companies using OSINT investigation and Dark Web Monitoring. One of the […]

How OSINT Can Be Used to Elevate DFIR - SpiderFoot

My name is Jude, I’m a Security Analyst working with a Security Operations Center (SOC) team based in Australia. Outside of the usual SOC tasks (alert management, detection use cases), I work on specialist engagements around analyzing and understanding the external attack surface of companies using OSINT investigation and Dark Web Monitoring. One of the […]

Leveraging AWS QuickSight dashboards to visualize recon data

A hacker's guide to SSL certificates, featuring TLSx

Introduction. In today's digital world, online security is more important than ever. As we rely increasingly on the internet, we must have a way to keep our communications private and secure. That's where SSL and TLS come in. SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are like secret […]

Broken Access Control - Tutorials & Examples | Snyk Learn

Learn how broken access control exploits work with a step-by-step tutorial, as well as how to mitigate and defend against them with access control settings.

Top 5 OSINT Sources for People Investigations - SpiderFoot

In this post we explore the top 5 APIs that provide useful OSINT for people investigations.

Easy Automation with Hakluke: Creating Serverless, Nocode Security Workflows | Trickest

Creating automation for hacking workflows is satisfying, but complex. In this article, hakluke creates basic recon and scanning automation with Trickest in less than 30 minutes, without writing any code or managing infrastructure!

Implementing Nuclei into your GitHub CI/CD pipelines

It is critical that an organisation secures all of their assets along their entire software supply chain. For instance, in a DevOps lifecycle, as a developer, ensuring the security and stability of your code is crucial. One effective way to do this is by implementing automated security testing as part […]

5 Python Libraries for Automating OSINT Operations - SpiderFoot

Python provides many libraries to assist you in developing automated OSINT solutions. In this article we explore 5 of our favourites.

What is SSRF (server-side request forgery)? | Tutorial & examples | Snyk Learn

Learn how to protect your code from server-side request forgery attacks in JavaScript by exploiting a vulnerable web app as part of this Snyk Learn tutorial.

Why is securing the external attack surface a hot topic for security experts right now? - Security Culture Detectify Blog

An EASM program has become a necessity for security so your company's external assets don't fall into a state of vulnerability at some point.

How To Hack Web Applications in 2022: Part 2

Top 3 mistakes when implementing an External Attack Surface Management (EASM) program - Detectify Blog Security Culture

How to ensure an EASM tool provides a unified view of assets and infrastructure, enabling you to better navigate across disparate applications.

How to Share Social Media Credentials Securely

Sharing access to social media accounts is a common task for organisations - but it’s also a huge cybersecurity risk! In this article we discuss the secure way to share access, and the potential consequences if you don’t.

Using SpiderFoot for Offensive Reconnaissance: Part 1 - Discovery - SpiderFoot

My name is Jude, I’m a Security Analyst working with a Security Operations Center (SOC) team based in Australia. Outside of the usual SOC tasks (alert management, detection use cases), I work on specialist engagements around analyzing and understanding the external attack surface of companies using OSINT investigation and Dark Web Monitoring. One of the […]

How to supercharge your hacking: Mindset, workflow, productivity and checklist

Top 5 OSINT Sources for Penetration Testing and Bug Bounties - SpiderFoot

In this post we explore the top 5 APIs (and a few more!) that provide useful OSINT for penetration testing and bug bounties.

Building Your Own Historical DNS Solution with DNSx

If you’ve been following these blogs, you’ll see that in the last article, we hacked together a basic attack surface monitoring platform using projectdiscovery tools. Using some of those basic building blocks, we’re going to build a basic historical DNS bot that will continuously enumerate domains and […]

Building a Fast One-Shot Recon Script for Bug Bounty

Introduction. In this article we are going to build a fast one-shot recon script to collect the bulk of the information we need to serve as a starting point for our bug bounty testing. This blog post is complementary to the article on building an attack surface monitoring solution. Automation, […]

New tool release: Discovering the origin host to bypass web application firewalls

DOM Based XSS | Tutorial & Examples | Snyk Learn

Learn how DOM based XSS exploits work, and how to mitigate and remediate the vulnerability with step-by-step interactive tutorials from security experts.

Common Security Vulnerabilities in Core AWS Services: Exploitation and Mitigation

4 fundamental questions on EASM - Detectify Blog

Let’s explore four big questions that are solved by having a comprehensive External Attack Surface Management (EASM) program in place.

XXE attack | Tutorials & Examples | Snyk Learn

Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.

Should you learn to code before you learn to hack?

Insecure Design | Tutorials & Examples | Snyk Learn

Learn about insecure design, and how to mitigate and remediate the vulnerability with real-world examples from security experts.

What is directory traversal? | Tutorial & examples | Snyk Learn

Learn how to protect your code from directory traversal in Java by exploiting a vulnerable web server.

The Ultimate Guide to Finding Bugs With Nuclei

Efficient, extensible, flexible, open source vulnerability scanning. Introduction. Nuclei is a fast, efficient, and extensible vulnerability scanner. It can scan thousands of hosts in just a few minutes. The nuclei engine uses text-file templates to define the steps required to detect a vulnerability. It is an open-source tool that encourages community […]

SSRF vulnerabilities and where to find them

Methods for Bypassing XSS Detection in WAFs in 2022

5 fundamental techniques that are used for bypassing WAFs with XSS payloads. An excellent resource for hackers, but also a warning to developers: a WAF is not enough to thwart exploitation of a web application.

Meet a Hacker Hero: Hakluke - Detectify Blog

Meet Hakluke. He's been nominated by the Detectify network as a Hacker Hero. He gives his tips for both Red and Blue teams.

Attack Surface Management - The importance of knowing what you have

One of the biggest cybersecurity risks to organisations today is not knowing what assets they have online, and the solution is having a good Attack Surface Management (ASM) program! It’s about more than just discovering assets.

Hakluke’s huge list of resources for beginner hackers

Discovering the Infrastructure of an iCloud Phishing Scam - SpiderFoot

In a lot of major cities in the world, pickpocketing and phone-snatch robberies are very common. Modern smartphones are expensive and easy to sell, and it makes them better targets than wallets that often contain no cash. There’s a reassuring catch to this malicious activity however, in that most modern smartphones, such as iPhones, are […]

Hack with ‘goodfaith’ – A tool to automate and scale good faith hacking

How to Get the Most Out of Your Penetration Test 🤷

Penetration testing is a great way to improve the security of your org. Much of the test’s value will be determined by your readiness. Here’s how to prepare.

What is directory traversal? | Tutorial & examples | Snyk Learn

Learn how to protect your code from directory traversal in JavaScript by exploiting a vulnerable web server.

OSINT without APIs - SpiderFoot

We recently published a bunch of posts about the top 5 APIs for Threat Intelligence, Attack Surface Monitoring, Security Assessments and People Investigations, but in this post we’ve asked hakluke to write about OSINT/reconnaissance techniques that don’t leverage any APIs – best of all, they are all free techniques you can use yourself with your […]

How To Hack Web Applications in 2022: Part 1

10 Types of Web Vulnerabilities that are Often Missed

An OSINT Story: It's late Friday evening... - SpiderFoot

It’s late Friday evening, the week before the gaming conference “G3: Games, Games, Games”. Hacktivision will be presenting their long-awaited sequel to Metal Duty (MD), the overwhelmingly popular first-person shooter from the 90’s, now in its 32nd release.

How to Manage Vulnerable and Outdated Components | Snyk Learn

A vulnerable and outdated component is a software component that is no longer being supported by the developer, making it susceptible to security vulnerabilities.

Proxify - A portable CLI-based HTTP/Socks proxy written in Golang

In this blog we’ll discuss the basics of proxies, explain what Proxify is and how it can be used. You’ll learn how to: 1. Install and run Proxify; 2. Customize proxy output files and addresses; 3. Use DSL language to match and/or replace requests/responses from CLI.

Infrastructure Monitoring Best Practices | Trickest

Monitoring IT Infrastructure is difficult at the best of times, but it also ensures that you will get the most out of it. Read on to up your infrastructure monitoring game!

Scaling security automation with Docker

Determining your hacking targets with recon and automation

Hakluke: Creating the Perfect Bug Bounty Automation

All the OSINT You Can Get From a Single Webpage Request - SpiderFoot

Before busting out your arsenal of tools to rip a website apart, it can be really useful to just go back to basics and start by simply making a request to the website and analyzing its response. This applies to beginners as well; before learning all of the different tools and commands it’s important to […]

How to Create a Custom SpiderFoot Module - SpiderFoot

SpiderFoot has over 200 modules, many of which were contributed by the community. Modules exist for extracting OSINT from third parties using APIs, but modules also exist for analysing content from the target directly, for example for extracting email addresses from web content. In this post, community contributor Jess Williams documented her experience writing a […]

Using SpiderFoot to Investigate Phishing Domains Targeting Ukrainian Soldiers - SpiderFoot

My name is Luke, but you might know me as @hakluke! I’m a cybersecurity professional, primarily focusing on application security and red teaming. Occasionally in my spare time I get to test my OSINT skills for something interesting, like phishing campaigns! One of the tools that I use most is SpiderFoot, because it automates a […]

Attackers vs Defenders: Mind the Perspective Gap - Detectify Blog

Why security defenders need an EASM solution that combines policy control, vulnerability detection, and a crowdsource element going forward.

An ethical hacker’s perspective on EASM - Detectify Blog

Insight into the methods that ethical hackers or even malicious attackers use to collect knowledge about an organization's assets.

ProjectDiscovery's Best Kept Secrets

A tour of ProjectDiscovery's less-known public tools, and how to use them, by @pry0cc. Introduction. For those unaware, ProjectDiscovery is a group of talented hackers and creators that have massively disrupted the offensive tooling industry by creating tooling that genuinely makes the lives of hackers easier. If you’re active in the […]

CSRF Attack | Tutorial & Examples | Snyk Learn

Learn how a cross site request forgery (CSRF) attack works, and how to detect and fix it with real-world examples from security experts.