Blog 🤓 – Page 2 – Security Queens

Text Me When You Get Pwned: What is SMShing and How Do I Protect Myself?

by SophiaAwareness, Rapid Reads 5 May 202326 April 2023No Comments

Estimated difficulty: 💜🤍🤍🤍🤍 What is SMShing? SMShing (AKA Smishing) is a type of social engineering attack conducted over text messages, also known as SMS phishing. Social engineering attacks rely on exploiting human behaviour and reaction rather than a technical vulnerability. Criminals who “SMSh” or “phish” are usually financially motivated, using stolen information to steal money …

ChatGPT: Let’s try it out!

by SarahAwareness, Development, Penetration Testing, Special Interest 7 April 202329 March 2023No Comments

Estimated difficulty: 💜🤍🤍🤍🤍 You may have already heard of ChatGPT. It has been a headliner in the news recently, mainly with a concern that it will replace hundreds, thousands, or maybe even more jobs! This post does not intend to add to the fear mongering, but more explore what we can do with ChatGPT and …

Read more “ChatGPT: Let’s try it out!”

Android Attack: Intro to Frida

by SarahAndroid 3 February 202329 March 2023No Comments

Estimated difficulty: 💜💜💜🤍🤍 What is Frida? Frida is a potent tool used by reverse engineers to perform several different tasks. It is open source and once downloaded includes an extensive tool suite. These tools are: Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. https://frida.re/ For this post, I wanted to walk through some basic …

Typo-What?! How Attackers Use Typo-squatting to Lure You to Dodgy Websites

by SophiaAwareness, Learning Resources, OSINT 6 January 20235 January 2023No Comments

Estimated difficulty: 💜🤍🤍🤍🤍 New year, new blog post… obviously! To kick things of in 2023, today we’ll be talking about a commonly used social engineering technique called typo-squatting and how you can identify malicious domains/websites to protect yourself, or how to protect your organisation or brand if you own a website domain. Typo-squatting is by …

Android Attack: JavaScript Interfaces and WebViews

by SarahAndroid, Rapid Reads, Special Interest 2 December 202221 November 2022No Comments

Estimated difficulty: 💜💜🤍🤍🤍 This post will walk you through what a JavaScript interface is and how you might retrieve the Java object from the application into the application WebView using this method. A WebView is pretty much what it says on the tin. Android applications can define a WebView within an Activity class in order …

The Importance of Not Doing Work: Avoiding Burnout Part Two

by SophiaLearning Resources, Rapid Reads 4 November 20222 November 2022No Comments

So in hindsight this title is a tad misleading, I’m definitely not suggesting to drop all your job responsibilities in a blink of an eye…! But rather evaluate your work/life balance to ensure you’re prioritising your mental health above all – as of course, you should always be your first priority. I’m writing this blog …

Android Attack: Reversing React Native Applications

by SarahAndroid, Mobile 7 October 202217 October 20228 Comments

Estimated difficulty: 💜💜🤍🤍🤍 This post is going to walk you through how to reverse engineer an Android application that is built using React Native. It is more common to see applications being built using this mobile framework, as it supports the development of an app in both Android and iOS platforms. Let’s unpack this further! …

XXE Injection: To Entity and Beyond!

by SophiaPenetration Testing, Web 9 September 20228 September 2022No Comments

Estimated difficulty: 💜💜💜💜🤍 Welcome back readers! After a few months hiatus, the Queens are back in action and ready to blog to our heart’s content! This month’s blog we will be delving into the art of XXE injection, what it is, a few ways to exploit it, and the mitigation techniques used “IRL”. A huge …

Shh! Weaknesses In Remote Management Protocols

by SarahPenetration Testing, Technical Fundamentals 3 June 20221 June 20222 Comments

Estimated difficulty: 💜🤍🤍🤍🤍 Recently I was studying for CRT. To help myself and others revise, I thought I would make this blog post on management protocols and some of their common weaknesses and vulnerabilities. This is a high-level overview of some of these protocols and how to exploit them. We will cover the following: SSH …

Smashing Stacks and All the Hax

by SophiaRapid Reads, Special Interest 6 May 202210 May 2022One Comment

Estimated difficulty: 💜💜💜💜🤍 Hulk, smash? Stacks, that is! Welcome to another strictly hax-themed blog, and something a little out of my comfort zone I must say – so if there are any constructive criticisms or feedback… Please let me know! This month we are covering the basics of stack smashing AKA stack-based buffer overflows, we’ll …