Tag Archives: Phishing

Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs

Sophisticated Spearphishing Campaign Targets Government Organizations, IGOs, and NGOs

This Joint Cybersecurity Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are engaged in addressing a spearphishing …

Read More »

How to Prevent DOM-based Cross-site Scripting

How to Prevent DOM-based Cross-site Scripting

There’s no denying the role that JavaScript has played in making web applications the sleek, interactive, online experiences that we know and love today. This powerful scripting language brought interactivity and animation to the web. But with great power comes great responsibility. Cross-site-scripting (XSS) remains a persistent stalwart among the …

Read More »

How to access Dark Web?

The Dark Web and how to access it - blackMORE Ops - 6

The concept of the Dark Web isn’t vastly different from the Surface Web. There are message boards (e.g. 8chan, nntpchan), places you can buy things (e.g. Alphabay, Hansa), and blogs (e.g. OnionNews, Deep Web Radio). The rules, or rather a lack thereof, is what makes the Dark Web unique. Anything …

Read More »

Targeting websites with Password Reset Poisoning

What is Password Reset Poisoning?

Most of web application security vulnerabilities, leverage user input in ways that were not initially intended by their developer(s). Password Reset Poisoning is one such vulnerability, that leverages commonly unthought of headers, such as the Host header seen in an HTTP request: GET https://example.com/reset.php?email=foo@bar.com HTTP/1.1 Host: evilhost.com Notice the difference …

Read More »

Privacy Policy on Cookies Usage

Some services used in this site uses cookies to tailor user experience or to show ads.