Yet another one finished. Now what's left is the privilege escalation modules, reporting, and the "mock exam". One thing I did not enjoy at all about this module was the random difficulty spike in Attacking Thick Client Applications, but otherwise, as always, I learned a lot of cool new stuff, including things I wish I knew when I participated in HTB's Cyber Apocalypse CTF events. #htb #cpts #htbacademy
Stefan Istrate’s Post
More Relevant Posts
-
What's great about open-source is that they are more secure than closed-source simply because when a hacker/security researcher finds a #0day, they can keep it for themselves and only a few other researchers will find that same vulnerability; however, on an open-source project, hundreds of researchers will find it, hence more chance of getting it reported and patched. 🤩 I just completed Attacking Common Applications on Hack The Box. Very interesting! #hacker #vulnerability #redteamer #cybersecurity
Completed Attacking Common Applications
academy.hackthebox.com
-
This module was a blast, I loved the skills assessments that really made me think outside the box! Time to cover privilege escalation, reporting, and then take the enterprise networks head on 💻 👾 #hackthebox #htb #ethicalhacking #pentesting #attackingapplications #redteam #cybersecurity #learning #CPTS
Completed Attacking Common Applications
academy.hackthebox.com
-
Recently completed another enriching module on Hack The Box, focusing on attacking common applications such as WordPress, Nagios, GitLab, Jenkins, OSTicket, and more. While the experience was highly educational, I found the section on attacking thick client applications to be less than satisfactory. Improvements could certainly be made to enhance that aspect, especially considering the challenge presented in solving the lab where password extraction was required. Nonetheless, I remain determined to complete three more modules before the CPTS exam. #infosec #cybersecurity #hackthebox #cpts
Completed Attacking Common Applications
academy.hackthebox.com
-
Unidentified Weaknesses Could Be Exposing Your Web App! ⚠️

Did you know that even the most robust web applications can harbor hidden vulnerabilities? During a recent penetration test, I identified several critical security gaps that could be exploited by attackers. These vulnerabilities could put user data at risk and disrupt core functionalities.

Here are some of the top findings:
1. SQL Injection: This common vulnerability allows attackers to manipulate database queries, potentially leading to data breaches or unauthorized access.
2. Broken Authentication: Weak authentication practices can make it easy for attackers to steal login credentials and gain access to user accounts.

Protect Your Users and Your Business: By addressing these vulnerabilities, you can significantly improve the security posture of your web application.

My comprehensive penetration testing report dives deeper into these findings, offering:
1. Detailed explanations of each vulnerability
2. Step-by-step remediation steps
3. Recommendations for future security best practices

#pentesting #websecurity #vulnerabilitymanagement #cybersecurity #infosec
Penetration Testing Uncovers Web Application Weaknesses: Time to Patch the Leaks
link.medium.com
-
Ovirt&engine: potential exposure of cleartext provider passwords via web ui. A flaw was found in oVirt. A user with administrator privileges, including users with the ReadOnlyAdmin permission, may be able to use browser developer tools to view Provider passwords in cleartext. https://lnkd.in/dPEb-iJp
Ovirt&engine: potential exposure of cleartext provider passwords via web ui
https://cybrmonk.com/ovirt-engine-potential-exposure-of-cleartext-provider-passwords-via-web-uia
cybrmonk.com
-
🔐 Excited to dive into Web Application Penetration Testing (#WAPT)? Check out this comprehensive introduction video by #TeamPrime! Learn about the basics of WAPT and its importance. #primeinfoserv #wapt #cybersecurity #dataprotection #datasecurity #datasafety #vapt #grc
Introduction to Web Application Penetration Testing (WAPT)
https://www.youtube.com/
-
Crack the code on SQL Injection vulnerabilities with ease! 💻 Dive into my latest Medium post for straightforward techniques to find SQLi. Check it out here: https://lnkd.in/gigENxtV #Cybersecurity #SQLInjection #InfoSec #appsec #appsecurity
How to find SQLi?
medium.com
-
I just completed module Using Web Proxies in HTB Academy! https://lnkd.in/dic4zbmD #hackthebox #htbacademy #cybersecurity
Completed Using Web Proxies
academy.hackthebox.com
-
Module Completed. This is where the fun part starts! I enjoyed this module. :) Web proxies are specialized tools that can be set up between a browser and a back-end server to capture and view all the web requests being sent between both ends, essentially acting as man-in-the-middle (MITM) tools. This module will walk you through both tools, Burp and ZAP, to show you how to navigate through the different options in terms of proxy/decoder/Intruder (Fuzz in ZAP)/website crawling/changing request headers. At the end is a skill assessment like an internal Web app test to find some flags! #htb #hackthebox #htbacademy #cybersecurity #cyber #webapp #webapphacking #burp #zap #proxy #proxychain
Completed Using Web Proxies
academy.hackthebox.com
-
I just completed module Using Web Proxies in HTB Academy! https://lnkd.in/giJheNd5 #hackthebox #htbacademy #cybersecurity
Completed Using Web Proxies
academy.hackthebox.com