blog

Our Latest Blogs

Explore our latest blog posts and stay secure in a digital world.

Facebook Like Widget – Spammers Tool???
October 28, 2024
Blacklock

Now a days, I get very curious to look at view-source of website where Facebook’s Like button is embedded. But why should I do this? Isn’t facebook Like button trusted? This is right.. Huh!!! The answer is NO. If there is a mismatch in the domain (you are visiting) and facebook’s Like button then there is surely a problem and it is a spam page.

Continue Reading
Exploiting SSH key based authentication
October 27, 2024
Blacklock

This is rather be a quick post and intended to be a reference note for me (and you all).

Continue Reading
Managing Wordpress and Joomla Security
October 3, 2024
Blacklock

In the last 6 months, I have noticed that there is an exponential increase in hacking activities specially targeted to CMS based websites i.e. Wordpress and Joomla. Both these platforms offer business owners a comfortable base to built application within no time.

Continue Reading
Nessus 5.2 XMLRPC Automation
October 3, 2024
Blacklock

Recently, I was trying to use my previously automated Nessus Automation scripts and detected they aren’t working on latest Nessus 5.2 XMLRPC.Last time, I automated network scanning tasks using XMLRPC in Perl but strange it did not work anymore with Nessus 5.2.

Continue Reading
Automating Nessus Capabilities
September 25, 2024
Blacklock

In the process of automating network scans for large networks there is a necessity to automate Nessus scans as well. The major advantage and most important point of this automation is that it allows you to do a Schedule scan in Home Feed version (which is only available in Pro feed) and the easiest part is your scans would run as if you are running from your Nessus web interface client.

Continue Reading
Configuring ModSecurity with OWASP CRS – Part II
September 25, 2024
Blacklock

The next step is to configure ModSecurity with OWASP CRS (Core Rule Set) rules.

Continue Reading
Configuring ModSecurity with OWASP CRS – Part 1
September 25, 2024
Blacklock

We were motivated to write about it when few of our clients just instantly asked us about blocking all known malicious web attacks at web server level itself. We quickly suggested them an open source, reliable WAF solution that suffice to their requirement. Obviously, just installing WAF does not mean that you do not need application security controls.

Continue Reading
Local Data Storage Analysis with iOS Simulator
September 25, 2024
Blacklock

There have been times when a penetration tester is not able to install iOS application on a physical device while performing iOS application security assessment. This can happen due to various reasons

Continue Reading
Way to go – CREST Certified
September 25, 2024
Blacklock

Monday morning and you hear the great news. How does it feel? Just received an email fromCREST Australiathat I have cleared the exam and now I’m CREST certified professional…JI’m all excited…J

Continue Reading
Subscribe to our newsletter

Join our newsletter today and enhance your knowledge with valuable insights. It's quick, easy, and free!

Be a Team Player
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.