Hi! I just completed the Language Agnostic Application Security course. It is an interesting course about how to cover all aspects regarding vulnerability in our web applications, why those vulnerabilities happen, exploits, defenses and how to prevent them... I have learned a lot!
José Manuel Barranco Castelar’s Post
More Relevant Posts
-
Here's how you can commit code fixes automatically, without having to leave the screen of your GitHub Pull Request. Give it a try!
POV: You just discovered Mobb and can now fix security code vulnerabilities in one click all from within GitHub. Try it out today 👉 https://lnkd.in/eFCqhbAz
-
Cybersecurity Enthusiast👨💻 | Web2 Security 🌐 | Linux Tools Practitioner | Python | Seeking Opportunities to Learn and Grow🚀.
🚀Day 6: I tackled file path traversal with null byte bypass! This technique highlights the importance of proper user input validation to prevent attackers from accessing unauthorized files. Learning about web security vulnerabilities empowers us to build stronger defenses. What are you doing to stay sharp in this ever-evolving field? #WebSecurity #BugBounty #portswigger #LearningJourney
-
While doing the NEAR Audit I've gathered a list of types of vulnerabilities that I've extracted from many of the existing public reports. The next step is to use it to figure out if any of these are found in the codebase. I've added it to our Zealynx Security Notion.
-
Currently working as a data center engineer following my dreams (Network +, AZ-900 and SC-900 certified) studying CompTIA security, CEH, CCNA and Crest also planned
Authentication Bypass - Learn how to find and exploit IDOR vulnerabilities in a web application giving you access to data that you shouldn't have. Little bit tricky but got there...think I may pause this whilst I focus on my Network + exam
TryHackMe | Cyber Security Training
tryhackme.com
-
Explore the Aliens vulnerable machine by Hacksudo in this detailed walkthrough. Learn how to exploit phpMyAdmin vulnerabilities, gain shell access, and tackle SUID binaries. Perfect for beginners looking to understand real-world vulnerabilities and enhance their ethical hacking skills.
Vulnhub Walkthrough: hacksudo: aliens
link.medium.com
-
🚨 Brace yourselves! Have you heard about the worst API ever? In case you missed it, we recently published a story on how the most basic security holes and design flaws can expose an API to massive vulnerabilities. Learn more about how such simple errors can have dire consequences: https://hubs.ly/Q02gCrGQ0 #APIsecurity
-
"the SILENTSHIELD team gained initial access by exploiting a known vulnerability in an unpatched web server" At our last board meeting, I gave a presentation on product security, and in the middle I stuck a Pop Quiz that asked how many zero days were used in a number of high profile attacks. The most disruptive ones used ZERO, opting instead to simply leverage known vulnerabilities, with exploit code more or less lying around. After all, why risk burning a precious zero day when folks are SO bad at patching? It's long overdue that we eliminate the class of compromise stemming from unpatched vulnerabilities. Chainguard is here to help. Link to the article in comments.
-
🚨You've likely heard of the wide-spread log4j vulnerability, but many of your other dependencies might also contain known vulnerabilities which could weaken your application security 🛡️. Use your dependency managers to list known vulnerabilities for your dependencies and then determine how they affect you:
👉go: govulncheck 🧐
👉rust: cargo audit 🕵️
👉nodejs/npm: npm audit 🔍
Don't forget to have your dependencies audited too! 📋 Stay tuned – more tips will follow! 📢
-
The White House published a report on the importance of memory-safe code languages in security. Here's Todyl's perspective on why they're so important in reducing vulnerabilities: https://hubs.la/Q02nnMfq0
-
Microsoft Internet Explorer use-after-free vulnerability
This vulnerability allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object. CISA added CVE-2012-4792 to the list of known exploited vulnerabilities.
Known Exploited Vulnerabilities Catalog | CISA
cisa.gov