Hi people! In this post, I will be talking about my first ever “not-cheating” machine takeover including the “cheating” and the “not-cheating” one (haha, yikes).
This machine is rated as easy, however, it teaches me a lot as a beginner and I am looking forward to trying the other machine takeovers.
First of all, we need to perform a Nmap scan. I use the following script
nmap -A -v 10.10.10.242
Legends:
A : a lot of scans…
When we encounter the term “cyberattack”, what scenario comes to our mind? Maybe because we are contaminated with hacking films, especially for those who have not encountered a real cyberattack, will think there will be a popup saying “your computer has been hacked” with the green-ish theme color and a kind of alarm sound effect.
Err, actually if you are facing a ransomware attack, there will be a dramatic one actually with a padlock that says “you are hacked” or “your data has been encrypted” or something.
So, my point is, most of the attacks may not be dramatic. Because…
Hello friends! I need to apologize for my disappearance a few weeks or maybe months back. Happy new year everybody and happy lunar new year to people who are celebrating.
Let me tell a short story about what I have been doing for the last couple of weeks. I am now working as a cyber risk assurance consultant associate and now, I am in charge of a client to do a cybersecurity assessment using NIST, you can see the resources here. Anyway, I am only responsible for the last 2 parts of the framework, the “respond & recover” domain. Because of…
Hello friends! We are back again with another cybersecurity theory. This time we will be talking about remote file inclusion. This is a common vulnerability because we love dynamic content. Basically, this attack exploits the include() function in PHP. I found it really difficult for me when I was learning this method in the first place. For me, after I understand it, there are a lot of important things that can be confusing if they are not clearly stated. Let’s get started.
For you who have been working around web development, most likely you are aware of the “include”…
Hello everybody, back to the penetration testing exercise. This time I exercised at root-me. This challenge is talking about a vulnerability in eval function implementation in the PHP language. Basically, sometimes, we have established some firewalls like regular expression filtration, but unfortunately, it still can be bypassed. In this challenge, we will talk about how we bypass a regular-expression firewall.
Okay, after telling you about the reason why you should start to learn computer programming, in this blog, I will tell you the code that I used to do my task in my office. If you have not read the reason why you should start to learn computer programming, you can go to the post here. Okay, let’s start our technical part.
Looking back at the document we have to process, what is the (human) logic here? I will repost the screenshot of the NIST CSF document.
I firmly believe that programming is important for everyone. Yes, I am stating everyone which includes IT and non-IT-related jobs. The ultimate reason why programming is important is that it teaches you how to think structurally. Seriously, though, a capability to think structurally is really beneficial whether in a timely manner or effort manner.
If you are working in an IT-related industry or IT division in a company, you may find programming is a must, probably that is what you are hired for. But the question is, is it important for the non-IT-related jobs that maybe mostly be interacting with…
Risk is something that must be considered in the organization. Besides developing the organization through research and development, marketing, and another aspect, risk must be put on the agenda. Basically, because the risk is not handled, it will invite chaos. Especially in this digital era when technology becomes the business’s backbone.
When technology becomes the business’s backbone, it raises the responsibility for businesses to start considering technology-related risks. But as people said, easier said than done, because technology changes rapidly. …