Blog

Unveiling SSL/TLS Vulnerabilities: A Red Teamer’s Guide To Exploiting Weaknesses With SSLScan And TestSSL

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that ensure secure communication over the internet. They provide data encryption, authentication, and integrity verification to protect sensitive information transmitted between a user’s web browser and a website, or between servers. This security is crucial for online transactions, sensitive data exchange,…

NoSQL, meaning “not only SQL,” refers to a broad category of database technologies that are intended to manage huge volumes of unstructured and semi-structured data.

Detecting NoSQL Injection

SQL Injection is an evergreen vulnerability that is discovered on a regular basis in enterprise products and open source libraries, as shown by the chart below. Apart from SQL Injection, there are multiple types of injection vulnerabilities, such as Command Injection, NoSQL Injection, OS Injection, HTML Injection, etc. Over the past 10 years, NoSQL databases have…

Critical CVEs And Active Threats This Week (November 13th – 17th)

This week, from November 13 to November 17, FireCompass research identified a huge number of high-severity CVEs, along with ransomware, botnets, and threat actors creating havoc. Some of the CVEs identified are in popular commercial products used by a variety of industries, and some new and well-known malware is targeting industries for this week.…

How Do Attackers Utilize .git For Fun And Profit?

Security teams are busy fixing CVEs, SQLi, and other critical vulnerabilities. However, exposing .git can potentially leak credentials, source code and other sensitive information. In this blog, we will uncover the dangers of hidden exposed .git, and how to identify and mitigate the relevant risk. Introduction In the realm of software development, Git stands as…

Critical CVEs And Active Threats This Week (November 6-10, 2023)

This week, from November 6 to November 10, FireCompass research identified a huge number of high-severity CVEs, along with ransomware, botnets, and threat actors creating havoc. Some of the CVEs identified are in popular commercial products used by a variety of industries, and some new and well-known malware is targeting industries for this…