Eno Leriand

OWASP API Security Broken Function Level Authorization

We increasingly rely on APIs to power our applications. In this API Security 101 series, let's discuss the security vulnerabilities that affect APIs, what causes them, and how to...

OWASP API Security Excessive Data Exposure

You may have heard of the OWASP Top 10, the ten top vulnerabilities that threaten web apps. OWASP also periodically selects a top-ten list of vulnerabilities that threaten APIs, which...

Techniques for Securing the Web with an Access Control Model

So far you may have come across various web applications where you can invite members with limited access to information within the organization. Developers can build applic...

HackTheBox - Grandpa

HTB is an excellent platform that hosts machines running multiple operating systems. It also has some other challenges. Individuals have to solve the puzzle (simple enumeration plus pentest) in order...

HackTheBox - Buff

Buff is a very nice OSCP style box, where I have to identify the web software running on the site, and exploit it using public exploits to get execution via webshell. For privesc, I’ll find another...

HackTheBox - ServMon

ServMon is an easy Windows box requiring two exploits. There is a hint in anonymous FTP about the location of the password list. I was able to use the directory traversal bug in the NVMS 1000 web...

HackTheBox - Forest

Forest is an easy HackTheBox virtual machine acting as a Windows Domain Controller (DC) in which Exchange Server has been installed. Anonymous LDAP binds are allowed, which we will use to enumer...