-
Using Wireshark to Analyze Network Traffic
Wireshark is a network analyzer that is used to analyze incoming and outgoing packets between source and destination hosts. This helps with getting a better understanding of the types of network traffic that appear on a specific network. This makes it a useful tool for both networking and security as...
-
An Insight into the Certified Red Team Operator 2021 Course
Introduction I passed the Red Team Operator (RTO) exam after going through the updated RTO course and labs. The RTO course covers red team principles such as adversary simulation, command and control and OPSEC considerations, while also focusing on internal penetration testing such as Active Directory attacks. This post will...
-
A Summary of the Log4j RCE Vulnerability (CVE-2021-44228)
A zero-day remote code execution vulnerability (CVE-2021-44228), named ‘Log4Shell’, was found that affects Log4j 2 versions 2.14.1 and below. Log4j is a logging library that is used in many Java applications. The vulnerability has been rated critical with a CVSS score of 10. The severity of this vulnerability is evident...
-
How to Manage Your Passwords Using Bitwarden
In this day and age, password attacks are a popular attack vector that has been leveraged by attackers to gain unauthorised access to user accounts, resulting in data breaches. The root cause of this is the use of weak passwords that are easy to remember. Compounded with password reuse, attackers...
-
An Overview of the Apache Zero-Day Vulnerability (CVE-2021-41773)
Apache recently released patches for a zero-day vulnerability affecting versions 2.4.49 (CVE-2021-41773) and 2.4.50 (CVE-2021-42013) of its web server on both Windows and Linux servers. The zero-day vulnerability was a directory traversal that could allow an attacker to access arbitrary files on the web server. Directory traversal (also known as...