threatER’s Post

Ever Wonder How Burp Suite decrypt the traffic..? We all know HTTPS encrypts traffic, making it secure and preventing attackers from easily sniffing sensitive data. However, as pentesters, we use Burp Suite daily to intercept and decrypt HTTPS traffic. Have you ever wondered how Burp Suite decrypts this traffic and displays encrypted data in plain text? Read the full blog to know more .. #cybersecurity #BurpSuite #ethicalhacking #EthicalHackingTools #PenetrationTesting #CyberAwareness #AppSec #InfosecCommunity #happylearning

Microsoft has released security updates for the month of April 2024 to remediate a record 149 flaws, two of which have come under active exploitation in the wild. Of the 149 flaws, three are rated Critical, 142 are rated Important, three are rated Moderate, and one is rated Low in severity. The update is aside from 21 vulnerabilities that the company addressed in its Chromium-based Edge browser following the release of the March 2024 Patch Tuesday fixes. The two shortcomings that have come under active exploitation are below - CVE-2024-26234 (CVSS score: 6.7) - Proxy Driver Spoofing Vulnerability CVE-2024-29988 (CVSS score: 8.8) - SmartScreen Prompt Security Feature Bypass Vulnerability #cve #vulnerability #patchtuesday

🔓 Completed the Password Brute-Force via Password Change Lab! 🛡️ Proud to share that I’ve successfully completed the lab on “Password Brute-Force via Password Change” with the Web Security Academy by PortSwigger! 🚀 In this exercise, I explored how weak password change mechanisms can be exploited to brute-force passwords and compromise user accounts. It was an eye-opener on how important it is to secure every aspect of the authentication process, including change requests. 💡 Key Takeaways: ✅ Understanding how vulnerabilities in the password change process can be leveraged for brute-force attacks. ✅ Identifying and mitigating flaws in password change workflows. ✅ Best practices for implementing robust protections against brute-forcing and unauthorized access. Every security gap closed is a step closer to a safer digital world! 🔐💪 #CyberSecurity #WebSecurity #InfoSec #PortSwigger #EthicalHacking #AppSec #LearningJourney

Day 37 #100DaysofCybersecurity Today, I explored Burp Suite, a powerful tool during the phases of Web Application Security testing. I learned about some of the essential functionality in the Burp Suite Community Edition: Proxy: Intercepts and analyzes web traffic between the browser and server, allowing for real-time inspection and manipulation of requests and responses. Repeater: Captures, modifies, and resends requests multiple times to test different inputs or scenarios. Intruder: Sends payloads to endpoints to test for vulnerabilities, enabling efficient brute-forcing and fuzzing. Decoder: Transforms encoded data, whether it's decoding captured information or encoding payloads before sending them to the target. Comparer: Compares two pieces of data to identify differences, useful for analyzing variations in responses. Sequencer: Assesses the randomness of tokens, such as session cookies, to identify weaknesses in session management. #BurpSuite #WebAppSecurity #Cybersecurity #PenTest #LearningJourney

Palo Alto Networks has released a high-severity update for the Prisma Access Browser to address critical vulnerabilities in the Chromium engine, including issues that could allow attackers to execute arbitrary code. Users are urged to upgrade to version 127.100.2858.4 or later to ensure security. Vulnerability Type: Use after free, type confusion, and insufficient data validation. Severity: High (CVSS 8.6). Affected Versions: Below 126.183.2844.1. Recommendation: Update to at least version 127.100.2858.4. Stay secure! #cybersecurity #paloalto #vulnerability #prismaaccess #update https://lnkd.in/d_XkQiX9

The latest update for #Detectify includes "How our new engine framework helped address the critical CUPS vulnerability within the day" and "Get to know our new Domains page". #cybersecurity #webvulnerabilities #websecurity https://lnkd.in/dHMDMPz

Offline password cracking Practitioner This lab stores the user's password hash in a cookie. The lab also contains an XSS vulnerability in the comment functionality. To solve the lab, obtain Carlos's stay-logged-in cookie and use it to crack his password. Then, log in as carlos and delete his account from the "My account" page.  🦊🎅  🏴☠️ #burpsuite #akimbocore #portswigger #pentesting #cybersecurity #ethicalhacking #bugbounty #webapp #bruteforce #xss #merrychristmas

🕵️♂️ CISA has added a critical security flaw (CVE-2023-43208) affecting NextGen #Healthcare Mirth Connect to its Known Exploited Vulnerabilities catalog. Learn more: https://lnkd.in/g7CfMEqJ Update to version 4.4.1 or later ASAP!

Microsoft Fixes 149 Flaws in Huge April Patch Release, #ZeroDays Included: 🔥 #Microsoft has released #security #updates for the month of April 2024 to remediate a record 149 #flaws, two of which have come under active exploitation in the wild. 🔥 Of the 149 flaws, three are rated #Critical, 142 are rated #Important, three are rated Moderate, and one is rated Low in severity. The update is aside from 21 vulnerabilities that the company addressed in its Chromium-based #Edge browser following the release of the March 2024 #Patch Tuesday fixes.  👉 https://lnkd.in/dPcFefPG

The latest update for #Detectify includes "Get to know our new Domains page" and "All in on flexible and efficient integrations". #cybersecurity #webvulnerabilities #websecurity https://lnkd.in/dHMDMPz