Why GrapheneOS is the Best Android ROM: A Deep Dive into Privacy, Security, and Usability In the evolving landscape of mobile operating systems, GrapheneOS has emerged as one of the most advanced and privacy-centric custom ROMs for Android devices. Built with a focus on security and privacy, GrapheneOS has taken Android’s open-source architecture and improved … Read more
Advanced Firebase Exploitation: Risks, Attack Techniques, Mitigations, and Detection Firebase, a cloud-based platform by Google, powers countless mobile and web applications by providing real-time databases, authentication, hosting, and more. Its ease of use and powerful features make it a popular choice for developers. However, Firebase’s inherent flexibility, combined with the complexity of cloud environments, introduces … Read more
The Risks of Oversharing on Social Media Suppose you have an X (Twitter), Facebook, Pinterest, Instagram, or any other social media account, and you type in #Newbadge and #Newjob in the search bar or look up an organization’s page. In this case, you will certainly come across pictures featuring badges, shirts, or individuals proudly displaying … Read more
Simple Mail Transfer Protocol (SMTP) Overview Simple Mail Transfer Protocol (SMTP) is pivotal for sending emails between clients and servers. Attackers can exploit SMTP vulnerabilities through spamming and spoofing. SMTP vulnerabilities enable attackers to use tools like Telnet or Netcat to send emails, probe for open relays, and verify email addresses for targeted attacks or … Read more
Throughout your security career, you may come across terms such as Common Vulnerabilities and Exposures (CVE) or Common Vulnerability Severity Score (CVSS). These terms usually refer to weaknesses in software, applications, or operating systems that are public-facing or internal on an organization’s network. However, some CVEs may not be familiar to you, such as smart … Read more
Introduction We can almost guarantee that anyone reading this article has either a mobile device or tablet with an application on it. However, many users don’t realize that every second those mobile phones are not in airplane mode, disconnected from a wireless network, or turned off, they are transmitting data to and from a server … Read more
Introduction Throughout our penetration testing engagements, we’ve discovered that gaining an initial foothold in a domain or acquiring user credentials can often be much easier than expected. Why is that? The culprit is often the fallback protocols—NetBIOS, LLMNR, and mDNS. While many organizations claim that these protocols are either “fixed” or pose no risk, the … Read more
Introduction As we spend more and more time on the internet, we are constantly creating new accounts and logging into different websites and services. With so many passwords to remember, it’s not surprising that many of us fall into the habit of reusing the same passwords repeatedly. However, did you know that if you store … Read more
On May 3, 2023, Google tweeted that they are now granting the opportunity for people to buy websites that end with the .zip and .mov top-level domains (TLD). These TLDs have been available since 2014, but were significantly more expensive. With this introduction of new sites that can use the popular file extensions instead of … Read more
Introduction As a follow-up to my previous article regarding attack surface management, data breaches have become a recurring nightmare for organizations in the digital age. As sensitive information becomes increasingly stored and shared online, the threat of a breach continues to loom. While many factors contribute to data breaches, one that is often overlooked is … Read more