Adam Beachell’s Post

Just completed another exciting lab on PortSwigger! This time, I tackled the Path Traversal lab, diving deep into how path traversal vulnerabilities work and how to exploit them. The lab covered: 🔍 What path traversal is 🛠 Techniques to carry out path traversal attacks 🛡 Strategies to prevent path traversal vulnerabilities I learned how attackers can read arbitrary files on a server, including application code, credentials, and sensitive OS files, and even how to bypass common defenses. PortSwigger's labs are an incredible resource for anyone passionate about web security. I never get bored and always learn something new! #WebSecurity #CyberSecurity #LearningJourney #PortSwigger #PathTraversal #EthicalHacking #ContinuousLearning

🎉 Completed Venus on VulnHub! 🎉 Thrilled to share my journey through the Venus machine, packed with interesting exploits and challenges: 🔍 Scanning & Enumeration Used nmap and ffuf for comprehensive scanning and uncovering key services. 🍪 Auth Cookie Exploitation Analyzed and exploited the authentication cookie using Burp Suite and CyberChef, obtaining credentials to access the web server via SSH. 🕵️ 📂 Privilege Escalation with CVE-2021-4034 Exploited the pkexec vulnerability (CVE-2021-4034) to perform local privilege escalation, achieving root access. 🚀 #CyberSecurity #VulnHub #Venus #Nmap #BurpSuite #CyberChef #PrivilegeEscalation #CVE20214034 #Polkit #PKExec #EthicalHacking #PenTesting #CTF #RootAccess #LinuxSecurity #InfoSec #OffensiveSecurity #VulnerabilityExploitation #HackerSkills #RedTeam #NetworkSecurity

Well configured logging mechanishm literally log everything... by everything I mean everything. We just need to know what to look for and where to look for. The "Incident handling with Splunk" by TryHackMe was a thrilling journey for me. I specially liked the attack scenario and exploring all phases of it. The modular process of finding traces, connecting dots and finding meaning out of it. Give it a try... you will like too... #socanalyst #cybersecurity #splunk #blueteam

Today’s haiku from HaikuSec: In the world of complex systems, where every line of code counts, security is our silent guardian. This haiku captures the essence of application security, the unseen yet vital layers of trust we build to ensure everything operates smoothly and securely, even in the most critical environments. #ApplicationSecurity #Infosec #SecureCode #CyberSecurity #TechHaiku #CodeSafety #MissionCritical #CyberDefense #SecurityLayers #DevSecOps

Obtained a new certificate from PenTesterLab! The exercises revolved around the discovery and exploitation of web vulnerabilities (XXS, SQL injection, Server Side Request Forgery, Authentication/Authorisation issues, code/command execution, directory traversal and much more). This one was more of a challenge to obtain, but it was definitely worth it. There are a few exercises that I will be going back at to get a better understanding of them, but very happy to finally obtain this😁 #cybersecurity #cybersecuritygraduate #pentesterlab #pentester

🔒 Excited to unveil my research report on Web Application Security! 🛡️ Through my work at CyberSapiens, I've delved into the vital field of web application security, investigating the latest methodologies to protect against vulnerabilities. From DevSecOps to SAST and DAST tools, this report covers essential strategies to secure web applications efficiently. Huge thanks to my mentor, Dheeraj Prabhu, for his guidance and support! #WebSecurity #CyberSecurity #Research #Cybersapiens #DevSecOps #SAST #DAST #LearningJourney

Exploit Intelligence goes beyond prioritization... Discovery: - GreyNoise Intelligence Query - Censys Query - Shodan Query Testing and Patch Validation: - Commercial Exploit - Version Scanning (When Possible) - Vulnerable Docker Images (When Possible) Detection: - PCAP - YARA - Suricata - Snort VulnCheck customers know what's up! #riskmanagement #vulnerabilitymanagement #cybersecurity #threatintel

Back in early 2023 The Stack did some interesting analysis of 90,000 CVEs in the National Vulnerability Database -- revealing a sharp rise in what should have been "easily caught" bugs in production software, like #SQLi and #XSS vulnerabilities. We're looking to do the same thing for early January -- with deeper analysis and better visuals! Want to participate in or even sponsor the project? (Getting in front of our influential global audience and 1.5m page impressions monthly). Expressions of interest to ed@thestack.technology #vulnerabilityanalysis #vulnerabilities #cybersecurity #infosec #securesoftware #devsecops #securedevelopment

Cracked my 4th Hack The Box machine—Green Horn! Dove deep into Splunk 4.7.18 and leveraged CVE-2023-50564. It was all about peeling back layers of an enterprise security system until the cracks showed, igniting my passion for discovery. Each machine, each exploit, takes the learning up a notch, and this one was a wild ride in getting access. #CyberSecurity #CTF #HackTheBox #Splunk #CVE202350564 #EthicalHacking #PenetrationTesting #BlueTeam #SecurityResearch #PostExploitation

🚨 New from Sonar Research! In this blog, Stefan Schiller, Vulnerability Researcher at Sonar, delves into how SonarCloud unveiled the complex taint flow behind a critical vulnerability (CVE-2024-35219) in OpenAPI Generator. He explains how SonarCloud's taint analysis tracks all data flows in an application's source code to unveil deeply hidden vulnerabilities. Read here 👉 https://bit.ly/3C7h8iY #SonarResearch #taintanalysis #Vulnerability #OpenAPI #security #cybersecurity