Privilege Escalation exploits security flaws to grant low-privileged users administrative access. Covers horizontal vs vertical escalation, privilege separation, and mitigation. … More Privilege Escalation: How Attackers Gain Unauthorised System Control
A zero-day attack exploits vulnerabilities before a patch exists. Learn about the five-phase window of exposure and layered defences. … More Zero-Day Attacks: What They Are and How to Defend Against Them
Brute force attacks use exhaustive trial-and-error to guess credentials. Covers normal vs reverse brute force, session ID attacks, and practical prevention. … More Brute Force Attacks: How Attackers Crack Passwords and How to Stop Them
Directory indexing exposes server file structures when no default index page exists, enabling attackers to find backup files, config files, and naming conventions. … More Directory Indexing Attacks: When Your Web Server Reveals Too Much
Information leakage through HTML comments, verbose error messages, and plaintext data gives attackers the clues needed for SQL Injection and other attacks. … More Information Leakage Attacks: How Applications Unintentionally Reveal Sensitive Data
SMTP has no built-in security — messages are unencrypted and can be forged. SMTP-AUTH adds authentication that prevents unauthorised relay while enabling legitimate use from anywhere. … More SMTP-AUTH: Securing Email Transmission and Preventing Spam Relay
HTTP Verb Tampering exploits misconfigured VBAAC rules by using unlisted HTTP methods to bypass access controls. Covers the vulnerability, examples, and prevention. … More HTTP Verb Tampering: Bypassing Security Controls with Unexpected HTTP Methods
Site probing is the initial reconnaissance phase of web attacks. Attackers map OS, web server, database, and parameters to build an attack strategy. … More Site Probing: How Attackers Scan and Map Your Web Application
Email spoofing forges the sender address to impersonate trusted parties. Since SMTP has no authentication, anyone can send as anyone. Covers how it works and cryptographic countermeasures. … More E-mail Spoofing: Forged Emails and How to Detect and Prevent Them
Scareware exploits fear of online threats to trick users into purchasing fake security software. Learn to recognise the warning signs and avoid falling victim. … More Scareware: How Fake Security Alerts Trick Users into Installing Malware
