Insecure Deserialization

Introduction Insecure deserialization is a cybersecurity vulnerability that affects various programming languages, including C#, Java, PHP, Python, and others. This article explores the dangers of insecure deserialization, how it affects different languages, and how developers can mitigate the risks. Additionally, we will discuss the roles of penetration testing and source code reviews in helping companies […]

Phishing – The Most Important Thing?

It seems like every day we see in the news that another organization was compromised. If we dig deep into the root cause of these breaches we find a very common theme – phishing. Phishing is the act of sending fraudulent emails or messages with the intention of tricking the recipient into revealing sensitive information […]

TLS Versions Explained

Transport Layer Security (TLS) is a widely-used protocol for securing communications on the internet. TLS is responsible for establishing a secure and encrypted connection between two communicating devices, ensuring that the data transmitted between them is protected from eavesdropping, tampering, and other attacks. TLS has undergone several revisions over the years, with TLS 1.0 and […]

WordPress Security

WordPress is one of the most popular content management systems (CMS) in the world, powering over 40% of all websites on the internet. However, with great popularity comes a great responsibility to keep the WordPress installation secure. In this blog post, we’ll discuss some of the best practices that users should follow to ensure the […]

How ChatGPT Helps Us

How ChatGPT Helps Us Recently, Brackish was conducting a phishing engagement, and we had the idea to try out ChatGPT to help us build our phishing infrastructure. We’ve already built this stuff manually, so this experiment would give us an idea of exactly how helpful ChatGPT can be for us in “real” situations. The Engagement […]

Zero Trust Brought to You by ChatGPT

Zero trust is a security concept that has gained popularity in recent years due to the increasing complexity and sophistication of cyber threats. It is based on the premise that no one, whether they are inside or outside an organization, should be trusted until they have been authenticated and authorized to access specific resources. This […]