In this post you will understand what HTTP is examples of HTTP request and response and how it works behind your browser. This is an important foundation to understand how the web works which will be very useful for web hacking bug bounty and pentesting.
What Is HTTP? HTTP Hypertext Transfer Protocol is the main protocol used to send data between client browser and server web server.
Every time we access a website the browser sends an HTTP request and the server responds with an HTTP response. …
In recent years, ransomware has become one of the most serious threats in the cybersecurity landscape. It no longer targets large enterprises only; cybercriminals now also target SMEs, educational institutions, and even the healthcare sector. The impact can be severe, ranging from operational disruption and loss of critical data to financial losses due to ransom payments.
Readers can see continuously updated ransomware victims on Ransomware Live. From there, we can observe that ransomware …
What is SSL/TLS? SSL/TLS (Secure Sockets Layer/Transport Layer Security) is a security protocol used to secure communication between a server and a client. In the web context, SSL/TLS is used to encrypt data transmitted between a browser and a web server, so that sensitive information such as passwords and credit card numbers cannot be accessed by third parties.
SSL is the earlier version of the protocol, while TLS is the newer and more secure version. Although the term SSL is still commonly …
As we know, DNS is a service responsible for converting hostnames into IP addresses. It sounds simple, but some people do not realize that this DNS service can also cause security vulnerabilities. The following are several events I have experienced related to DNS and its security. Keep in mind this does not cover all vulnerabilities that exist in DNS, such as DNS Spoofing, DNS Amplification, DNS Hijacking, DNS Rebinding Attack, and other attacks, only several events that I have personally …
Preamble Some time ago, there was a bit of discussion at the office regarding a new policy from the DKI Jakarta Provincial Government about deactivating Jakarta ID cards for residents who are no longer domiciled in Jakarta. Several colleagues were affected, so others who still had Jakarta ID cards immediately checked their NIK status.
However, as we know, many people have had bad experiences accessing digital government services, ranging from slow loading to being completely inaccessible. My …
Goodbye Disqus, Hello Giscus After using Disqus for a long time as a comment platform, also known as Comment-as-a-service, this website has finally switched to giscus after considering another similar platform that also uses GitHub, namely utterances.
Starting When I first built this website, I was confused about which comment system to use. Since this site is an SSG (Static Site Generator) and does not have a database connection, using a third party comment platform was the best option. In …
As a Cybersecurity worker, we must stay up-to-date with any news, alerts, advisories and others also in the IT field everything is new and growing so fast, especially in cybersecurity
To fill this gap I use a RSS aggregator to send the latest update from my favorite blog/news to notify me
If you join SHL Discord you’ll be familiar with feeds and feeds-ransom text channel, this is how I configure it
You may have just clicked on a Phishing Ad I am tired of the ads that appear while watching reels on Facebook. Besides malware ads and online gambling ads, there are also many phishing ads targeting games like Free Fire and Mobile Legends, as well as ads inviting users to join 18+ groups. These ads are designed to steal social media account credentials and can seriously harm users.
Phishing, or password fishing, is a method widely used by threat actors to obtain access or credentials to services …
After writing about malware ads using the Google Bard lure, now there is another malware ad that is slightly different, both in terms of the lure and the malware being delivered. This ad promotes a custom Windows taskbar to make it look more attractive. However, the file downloaded is actually malware and there is no custom taskbar installation as advertised. So what does the downloaded file install? Of course, malware. Below is roughly what the installer does.
Understanding What a Dictionary Attack Is A dictionary attack is one of the common techniques used in hacking or pentesting. This attack uses a collection of commonly used passwords (wordlists) or passwords that have been leaked on the internet, such as rockyou.txt, ignis, and others.
The difference between a brute force attack and a dictionary attack lies in the use of a wordlist. A brute force attack attempts all possible character combinations, which usually takes much longer. A dictionary …
