Demonstrating with a real company how a hacker can compromise an organisation in under 2 hours using OSINT and social engineering. Video Transcript Today I’ll be demonstrating how cybercriminals use open-source intelligence to create targeted and highly effective phishing emails that can establish a foothold for company-wide ransomware attacks. …

I found a way to alter a premium subscription service price and bought it for a penny. This is how I did it. Whenever I’m bug hunting on a target that takes payments, I always try to buy something using a test credit card number as described in my write-up…

I spoofed access to other people’s email in order to pre-steal user accounts before they are first registered. Here’s how I did it. One thing I always test while hacking on bug bounty programs is how applications generate tokens. …

I found an API that exposed encrypted credit card numbers. Here’s how I cracked them to reveal the full card details. While hacking on a private bug bounty program, I found a graphql endpoint that exposed way more information about logged in users than it should have done. By playing…

“We’ve sent a six-digit code to your email address. Enter it below to login.” We see them all the time while testing web applications. In order to verify your identity, the application sends a 6 digit numerical code to your registered email address or phone number. The purpose is to…

Free and open proxy servers promise anonymous internet access, but at what cost? In a world of ever-decreasing online privacy, it’s easy to get sucked into the ‘use an anonymous proxy to stay safe’ narrative. …

Evading detection and building trust with Captcha challenges and Smishing attacks. This week I received another SMS Phishing attack which was almost identical to the previous Smishing attack I covered. There were two things that struck me as particularly interesting this time: The attack used the s.id …

How hackers manually escalated from a malicious email to a devastating, company-wide ransomware takeover in under 5 hours. (This article aims to contextualize an excellent incident report by Thedfirreport.com. I’ve used my own experience to fill in the gaps to demonstrate how these attacks affect real people in real companies.) The Attack Started Like Many Others …

Every image you post online leaks information about you. This is how anyone can find your location using Open Source Intelligence (OSINT). Open Source Intelligence In Action — Geolocating a Photograph Open Source Intelligence (OSINT) is the practice of using public or ‘open source’ information available on the internet to gather intelligence and gain insights on given targets. …