Assuming that the server takes actions based on a certain condition, let’s analyze a scenario where the server performs computations depending on the result of that condition and then returns a response to the user. In both cases, whether the computations are performed or not, the server returns a response… Continue reading →
In the context of the growing role of artificial intelligence (AI) in various fields, the question of its impact on the job market in cybersecurity is becoming increasingly relevant. On one hand, automation and intelligent systems can significantly speed up and streamline processes related to data and IT infrastructure protection…. Continue reading →
This post was inspired by the excellent presentation by Jan Seredynski from THS 2023. Cybersecurity is not a binary issue – there are no solutions that guarantee 100% security. In reality, it is more about risk assessment and choosing solutions that are less vulnerable to attacks. An example of such… Continue reading →
The illusion of security is worse than the awareness of its absence because it leads to decisions made on false premises. Information conveyed by public trust institutions such as “We protect your personal data” often creates this illusion of security. Let’s study two examples of this using password-protected PDF files…. Continue reading →
Cybersecurity certifications are becoming an indispensable part of any IT specialist’s career. On various forums, many beginners ask similar questions: “Is certificate A or B a good choice?” While certifications don’t guarantee employment as money doesn’t guarantee happiness, they can significantly enrich your resume when entering the job market. Proper… Continue reading →
Many file formats, besides presenting content, such as JPEG showing a taken photo, can contain metadata. This hidden information can be invaluable during OSINT investigations and penetration tests. Let’s look at some cases and tools useful for extracting these seemingly hidden pieces of information. Not Cleaning Metadata from Photos The… Continue reading →
This post is a supplement to my presentation at The Hack Summit 2023, where I will demonstrate how to accelerate and streamline web application penetration testing using several plugins for Burp Suite. Below is a compilation of the most useful plugins for Burp Suite that I personally use. Some of… Continue reading →
This manual shows you how to set up your IP camera. The model screenshots were taken from the IPCAM PTZ camera model C6F0SgZ3N0P6L2, however, the same settings can be applied to most brands. Cameras that will have very similar settings are Clearview, Dahua, Hikvision, Gise and Qsee. Format Video To… Continue reading →
I have been collecting statistics from my computer security research for the last few years. I decided to share them a bit. Here you can find a sample penetration test report – report. In a large number of interviews with penetration testers, I hear the question – "Has the security… Continue reading →
When you run a penetration test of a web page that generates dynamic content using templates with user-provided values, you may encounter server-side template injection vulnerability. Manual identification of the template engine you are dealing with and subsequent exploitation can be easily automated using the Tplmap tool. Tplmap is able… Continue reading →
Cześć podróżniku!
Jestem Michał. Cyberbezpieczeństwo jest moją pasją i pracą. Hobbystycznie zajmuję się drukiem 3d. W ramach tej strony staram się dzielić się wiedzą właśnie z tych obszarów. Mam nadzieję, że znajdziesz tutaj przydatne dla siebie informacje :)
Więcej o mnie...
Subscription
Wspieraj tę stronę
Jeżeli podoba Ci się moja twórczość możesz mnie wesprzeć kawą :)
