Scareware exploits fear of online threats to trick users into purchasing fake security software. Learn to recognise the warning signs and avoid falling victim. … More Scareware: How Fake Security Alerts Trick Users into Installing Malware
TLS is the successor to SSL and provides encryption, authentication, and data integrity. Covers the TLS handshake, TLS vs SSL differences, and the four design goals. … More Transport Layer Security (TLS): How It Protects Your Data in Transit
Sandboxing creates isolated execution environments that prevent untrusted programs from affecting the real system. Covers ASP.NET trust levels, Virtual Machines, Proof-Carrying Code, and malware analysis sandboxes. … More Sandboxing: Running Untrusted Code Safely
Footprinting is the first step in targeted intrusion — building a profile through OSINT, network enumeration, ping sweeps, TCP/UDP scans, OS identification, and HTTP fingerprinting. … More Footprinting: How Hackers Build a Profile of Your Organisation
OS Commanding attacks inject operating system commands through unsanitised web application input, executing them with the web server’s privileges. … More OS Commanding Attacks: Injecting System Commands Through Web Applications
XPath Injection mirrors SQL Injection but targets XML databases. Unlike SQL, XPath has no ACLs — a successful injection can return the entire XML document. … More XPath Injection Attacks: SQL Injection’s XML Counterpart
Reverse social engineering flips the script — the attacker poses as an authority figure so employees come to them for help. Learn the three-step attack cycle: sabotage, marketing, and support. … More Reverse Social Engineering: When the Attacker Becomes the Expert You Trust
Format String Attacks occur in C/C++ when user input is used directly as a format string in functions like printf. Exploiting format specifiers can lead to memory disclosure or arbitrary memory writes, risking full code execution. To prevent these attacks, use explicit format strings and avoid specific dangerous specifiers. … More Format String Attacks: How Printf Vulnerabilities Enable Memory Exploitation
FTP transmits credentials and data in cleartext, making it vulnerable to sniffing and MITM attacks. Covers SFTP migration, anonymous FTP risks, and traffic security controls. … More FTP Security: Risks, SFTP Migration, and Securing File Transfer
Code signing uses digital signatures and CA-issued certificates to verify that downloaded software is genuine and unmodified. Covers how it works, signable file types, and its limitations. … More Code Signing: Establishing Trust in Internet-Distributed Software
