Estimated difficulty: 💜💜🤍🤍🤍 A nice quick read this month as we talk about the Cyber Threat Intelligence model the Pyramid of Pain. A long, long, time ago (2013) in a land far, far, away (the United States), David J. Bianco developed the Pyramid of Pain as a conceptual model to Continue Reading
Phishing : Analysing a Phishy
Estimated difficulty: 💜🤍🤍🤍🤍 I am sure many of you have heard of the term ‘phishing‘. Phishing is a form of social engineering, where the campaign is likely to pose as a trusted service or person, which may trick a user into giving away credentials, money or personal identifiable information. The Continue Reading
Text Me When You Get Pwned: What is SMShing and How Do I Protect Myself?
Estimated difficulty: 💜🤍🤍🤍🤍 What is SMShing? SMShing (AKA Smishing) is a type of social engineering attack conducted over text messages, also known as SMS phishing. Social engineering attacks rely on exploiting human behaviour and reaction rather than a technical vulnerability. Criminals who “SMSh” or “phish” are usually financially motivated, using Continue Reading
Android Attack: JavaScript Interfaces and WebViews
Estimated difficulty: 💜💜🤍🤍🤍 This post will walk you through what a JavaScript interface is and how you might retrieve the Java object from the application into the application WebView using this method. A WebView is pretty much what it says on the tin. Android applications can define a WebView within Continue Reading
The Importance of Not Doing Work: Avoiding Burnout Part Two
So in hindsight this title is a tad misleading, I’m definitely not suggesting to drop all your job responsibilities in a blink of an eye…! But rather evaluate your work/life balance to ensure you’re prioritising your mental health above all – as of course, you should always be your first Continue Reading
Smashing Stacks and All the Hax
Estimated difficulty: 💜💜💜💜🤍 Hulk, smash? Stacks, that is! Welcome to another strictly hax-themed blog, and something a little out of my comfort zone I must say – so if there are any constructive criticisms or feedback… Please let me know! This month we are covering the basics of stack smashing Continue Reading
Zoning Out: An Introduction to DNS Zone Transfers
Estimated difficulty: 💜💜🤍🤍🤍 DNS (Domain Name System) zone transfers are used to help replicate databases across different domain servers, allowing administrators to modify or edit records easily by implementing the changes on one server and copying the changes to the others. Zone transfers are completed using the AXFR protocol, and Continue Reading
Light ’em Up: An Introduction to LiDAR
Estimated difficulty: 💜💜🤍🤍🤍 It’s been a while since I’ve written about zoom hax, if you’re new to Security Queens – you can find my last blog post on hacking cars via. the Control Area Network (CAN) here. Instead of focusing on physical CAN bus hacking, this blog post will do Continue Reading
Who Ya Gonna Call? DirBuster!
Estimated difficulty: 💜💜🤍🤍🤍 Need to bruteforce directory names on a web application? Or perhaps you need to find unlisted files on a web server? Who ya gonna call? DIRBUSTER! So first thing’s first, the boring pentesty theory bit before we do all the mad hax and walkthrough the basics of Continue Reading
Stressed Out, Burned Out, and a I Feel Like a Fake
I’ve always been a perfectionist. I’ve always striven to be the best version of me that I could be! When I started in university and my journey into cybersecurity, I pushed myself to stand out, be “perfect” and to do it with no mistakes. An impossible task, I realise now, Continue Reading