Advanced subdomain reconnaissance: How to enhance an ethical hacker’s EASM
External Attack Surface Management (EASM) is the continuous discovery, analysis, and monitoring of an organization’s public facing assets. A substantial part of EASM is the …
How to
Articles that cover a range of 'How to' activities, including how certain hacks or tasks have been completed by ethical hackers.
How To Hack Web Applications in 2022: Part 2
TL/DR: Web applications have both authentication and authorization as key concepts and if bypassed by an attacker, it can compromise sensitive data. With threats such …
How to: Look for TLS private keys on Docker Hub
TL/DR: It’s becoming increasingly easy to compromise sensitive information for attackers to take advantage of. In this post, Detectify security researcher Alfred Berg wrote about …
How To Hack Web Applications in 2022: Part 1
TL/DR: Web applications can be exploited to gain unauthorized access to sensitive data and web servers. Threats include SQL Injection, Code Injection, XSS, Defacement, and …
How to set up Docker for Varnish HTTP/2 request smuggling
If you don’t know about HTTP/2 request smuggling then what are you hacking? Alfred Berg, Security Researcher at Detectify, shows you how to set up …
How to Hack APIs in 2021
Detectify Crowdsource is not your average bug bounty platform. It’s an invite-only community of the best ethical hackers who are passionate about securing modern technologies …
How-to Tutorial: PHP Webshell De-Obfuscation
I would like to introduce you to some obfuscated malicious PHP files that I had recently found on a WordPress website. I’ve written a detailed …
Bypassing CSP with Google Analytics
Our security researcher and Detectify Crowdsource hacker Linus Särud explains how he bypassed CSP with Google Analytics. Bypassing CSP with Google Analytics SP CSP stands …