Why you need a DMZ In today’s interconnected world, network design and segmentation are crucial for the security and performance of an organization’s IT infrastructure. A well-designed network should be segmented to isolate critical assets and minimize the impact of a potential security breach. One common approach to network segmentation is the use of a
How ChatGPT Helps Us Recently, Brackish was conducting a phishing engagement, and we had the idea to try out ChatGPT to help us build our phishing infrastructure. We’ve already built this stuff manually, so this experiment would give us an idea of exactly how helpful ChatGPT can be for us in “real” situations. The Engagement
“SSL Certificate signed using weak hashing algorithm” refers to a security vulnerability in the SSL/TLS certificate used by a website. A hashing algorithm is used to create a unique digital signature for the certificate, which is then used to encrypt communications between the website and its visitors. If a weak hashing algorithm is used, the
Introduction External attack surface management (ASM) refers to the process of identifying, analyzing, and mitigating security risks and vulnerabilities that originate from outside an organization’s network. The focus of external ASM is to protect against threats such as hackers, cybercriminals, and malicious software that can target public-facing systems and applications. These threats can pose a
What is Data Privacy? Data privacy is a critical issue in today’s digital age, as more and more personal information is being collected, stored, and shared by companies and organizations. It is important to ensure that individuals’ personal information is protected and kept private to prevent misuse and abuse. One of the major concerns with
Today we have another rate-limiting issue. While this one is not as impactful as the previous one – it’s still fun. Organizr is a self-hosted application written in PHP that basically helps you self-host other services at your home. It’s nifty application with a surprisingly large amount of functionality. We were recently poking at it
OWASP Top Ten – Injection Today’s entry in the OWASP Top Ten series is Injection. If we are going to call a vulnerability a classic, this would be it. In the latest version of the OWASP Top Ten, the venerable vulnerability Cross Site Scripting has been combined with other classic injections, such as SQL injection,
TutorTrac Multiple Stored XSS Brackish researchers found authenticated stored cross-site-scripting (XSS) in TutorTrac version <= 4.2.170210. An authenticated attacker could utilize crafted input in several locations throughout the application to perform XSS attacks. This is a standard stored XSS attack that can be used to steal user’s sessions cookies, amongst other things. Injection is a