OUR BLOG

21 Nov 2017

Using Google for hacking and GHDB

So the title of this post looks quite catchy, doesn’t it? But be assured, because yes, we will really hack Google “Search”, not only to help us in penetration testing but also to learn how to make our searches fruitful. Actually, did you know that there are ways by which you […]

21 Nov 2017

BurpSuite – Swiss Knife for penetration testers

Welcome back, everyone, to this brand new blog post. There are so many different tools and applications for pentesters, but have you ever wondered which is the most loved one among them? Yes, there are so many, like Nmap, Zap, Hydra, Nessus, and many others. Any guesses? If you are thinking what we are thinking […]

13 Nov 2017

SSL/TLS security testing

Have you ever wondered why some websites use http:// and some use https:// in the URL? For example, why do websites like Amazon and Facebook have the addresses https://www.amazon.in/ and https://www.facebook.com instead of http://www.amazon.in and http://www.facebook.com? How does a single ‘s’ make the difference? If you are a security researcher, you must already know the […]

09 Nov 2017

Insecure Direct Object Reference – a modern age SQLi

In the previous posts, we already covered the most critical vulnerabilities like XSS and SQL Injection, as well as some moderate ones like CSRF. In this post, we will see how to test for vulnerabilities like Insecure Direct Object References, also known as IDOR. So, what is IDOR actually? IDOR was considered to be the […]

24 Oct 2017

How to become a hacker in 10 mins?

Hey, welcome again everyone to this new blog post. This one is quite different from the other posts because in this post we will tell you how to become a hacker. Moreover, this post is mainly for people starting in the cyber-security field or someone who wants to learn how to hack after watching the […]

20 Oct 2017

Everything you need to know to find CSRF vulnerabilities

Welcome, everyone. In this post, we will look at another critical web application vulnerability. CSRF, or Cross-Site Request Forgery, basically means that the application isn’t able to distinguish between the original request that a user sends and a forged request that an attacker makes a user send. The most important thing about CSRF attacks is […]

20 Oct 2017

SQL injection exploitation with and without SQLmap

Hey everyone. Welcome to this brand new tutorial, in which we are going to look at “SQL Injection”, considered one of the most dangerous web application vulnerabilities by the OWASP Top 10. What really is SQL Injection? SQL injection flaws occur when untrusted data is sent to an interpreter as part of a command or […]

20 Oct 2017

3 must have tools for Penetration testers

Welcome folks. In the previous posts, we have been talking about web application penetration testing in depth. But in this post, we will look at the 3 most useful tools which many bug bounty hunters and penetration testers use for their daily testing and bug hunting. Why only 3 tools? This post is totally based […]

12 Oct 2017

How to approach for XSS hunting in a web application.

Hi, every security enthusiast out there. In this blog, we are going to tell you how to approach finding Cross-Site Scripting vulnerabilities in a web application. So what is XSS and why is it so dangerous? XSS, or Cross-Site Scripting, is a type of web application vulnerability. It is considered to be one of […]

06 Oct 2017

Pentesting a wordpress website using WPSCAN

Ever thought of quickly testing a WordPress website for known vulnerabilities and expired plugins or themes? Well, here is a blog on one such fantastic tool: $wpscan. What is WordPress and why is it famous? WordPress is an online, open source website creation tool. It makes website creation super easy and is very user-friendly. […]
