- Details
Privasec's Consultant Sajeeb Lohani has released the second article of his new ‘Weaponising Series’, after a great response on ‘Weaponising AngularJS bypass’. The article highlights techniques of weaponising staged cross-site scripting (XSS) payloads. Check out the full article here. Stay tuned to Privasec's News page for further additions to this series.
- Details
Our team is proud to announce that Privasec RED's Consultant, Sajeeb Lohani has broken the world record by privately disclosing 120 Open-Source CVEs.
- Details
Privasec is really excited to introduce our first ever master class training workshops. Learn from our experienced GRC or Purple Team specialists about the latest regulations and techniques in this one day knowledge-transfer session. Have your pick from our 5 different workshops! These are especially designed to help our IT and security professionals upskill and sharpen their knowledge on security and risks. Limited spots are available, so grab your tickets now. The links below include more details about each workshops.
- Details
Red Team vs Blue Team
- Details
In 2019, attackers are phishing targets to retrieve sensitive information that ultimately leads to data compromise. Phishing is the technique where a malicious actor lures a victim into revealing sensitive information. This can be through large “spray-and-pray” type campaigns involving multiple recipients or, a more targeted approach crafting attacks for specific individuals, known as Spear Phishing. Phishing has been around since the early days of the Internet as one of the oldest vectors of attack.
Phishing provides a very successful avenue to obtain credentials for hackers. The simplest and most efficient way to achieve this is by redirecting users to a website with some sort of submission form. With a little bit of effort such as purchasing domains with similar names and using tools to scrape and mirror legitimate website content, an attacker can forge a highly-convincing scenario.
- Details
Simply putting your data into a cloud service does not guarantee its security. As cloud based services deliver rapid, cost-effective and commoditised business IT solutions, security and information risks increase.
