Ardi Jonias Fortuna - Welcome to my blog

Cyber Hygiene: Everyday Safety Tips

We live in a digital era where almost all activities are connected to the internet — from shopping, banking, working, to entertainment. But many people are still careless about protecting their personal data and unknowingly open gaps for cyber attacks. This is where cyber hygiene, meaning good digital habits that help prevent cyber attacks, becomes important. What Is Cyber Hygiene? Cyber hygiene is a set of practices or daily routines that help maintain the security of your information and …
HTTP: Hyper Text Transfer Protocol How HTTP Works Behind the Browser

In this post you will understand what HTTP is, see examples of HTTP requests and responses, and learn how it works behind your browser. This is an important foundation for understanding how the web works, which will be very useful for web hacking, bug bounty and pentesting. What Is HTTP? HTTP (Hypertext Transfer Protocol) is the main protocol used to send data between a client (browser) and a server (web server). Every time we access a website, the browser sends an HTTP request and the server responds with an HTTP response. …
Understanding the Ransomware Attack Lifecycle: From Initial Access to Data Encryption

In recent years, ransomware has become one of the most serious threats in the cybersecurity landscape. It no longer targets large enterprises only; cybercriminals now also target SMEs, educational institutions, and even the healthcare sector. The impact can be severe, ranging from operational disruption and loss of critical data to financial losses due to ransom payments. Readers can see continuously updated ransomware victims on Ransomware Live. From there, we can observe that ransomware …
Is web phishing HTTP or HTTPS?

Overview Web phishing is one of the attack methods most frequently used by attackers. In a phishing attack, the attacker creates a fake website that imitates a legitimate website. This fake website is usually used to steal sensitive information from victims, such as login credentials, credit card information, and others. A common perception is that phishing websites always use the HTTP protocol. However, is that really the case? Do phishing websites never use the HTTPS protocol?
What Is a Credential Attack? Recognize and Prevent It Before It's Too Late

What Is a Credential Attack? A credential attack or credential-based attack is a hacking attempt to take over someone’s account by stealing a username and password. Usually this is done through techniques like phishing, credential stuffing, and brute force. Simply put, attackers spy, guess, or try thousands of password combinations to get into your account. After that, they can access all the data inside it, such as email accounts, social media accounts, game accounts, and even banking …
How to Easily Validate SPF, DKIM, and DMARC Configuration

Why Is Validating SPF, DKIM, and DMARC Important? If you have already configured SPF, DKIM, and DMARC in DNS, don’t immediately assume everything is secure. An invalid configuration can cause emails to go into the spam folder or even be rejected by the receiving server. That’s why validation is very important to ensure the configuration you created actually works. If you are still confused about what SPF, DKIM, and DMARC are, you can read the article Email DNS Security Configuration …
Convert PFX, CRT, and PEM Azure SSL/TLS Certificates

What is SSL/TLS? SSL/TLS (Secure Sockets Layer/Transport Layer Security) is a security protocol used to secure communication between a server and a client. In the web context, SSL/TLS is used to encrypt data transmitted between a browser and a web server, so that sensitive information such as passwords and credit card numbers cannot be accessed by third parties. SSL is the earlier version of the protocol, while TLS is the newer and more secure version. Although the term SSL is still commonly …
Execution After Redirect with Burp Suite

Execution After Redirect or EAR is a technique used to execute code after the redirect process. This technique is usually used to bypass several security features that exist in web applications. In this article, we will discuss how to exploit EAR using Burp Suite. What is Execution After Redirect (EAR)? Execution After Redirect is usually found in web applications with native style code that use a redirect mechanism to direct users to another page after performing a certain process, such as …
Fake Sponsored Job Posting Scam

This is actually an old case that went viral last year. While browsing Facebook, I frequently encountered sponsored job advertisements claiming to be from well-known companies — especially in mining, factory, and other blue-collar sectors — such as PT Epson, PT Unilever, PT Indofood, and other major corporations. These ads direct applicants to register online by filling out personal information such as: full name, address, phone number, national ID number, and other personal details. Unfortunately, …
Phishing Simulation with GoPhish

Introduction Phishing is an attack carried out by influencing someone to provide personal or confidential information. This attack is usually conducted by sending fake emails that resemble official emails from certain companies or organizations. In a phishing attack, the attacker attempts to obtain sensitive information such as username, password, and even credit card information. As an organization that is aware of information security, it is important for us to conduct phishing simulations …