Author: Lipson Thomas Philip

Lipson Thomas Philip is a Master's student in Network and Information Security at Griffith College, Limerick. He completed an internship at Cyber Cell, Gurugram, in 2021. His motive is to learn on a daily basis. As somebody said, "Never stop learning". You learn new things, knowingly or unknowingly, as your life changes day by day.

The Nmap Scripting Engine (NSE) is an important feature of Nmap. It allows users to automate scans by running scripts from the command line. NSE supports only Lua scripts. Real-world use case: A network administrator can run automated, predefined scans of the organization’s network/server regularly. This can be really useful for detecting misconfigurations and out-of-date software, which can pose significant threats. NSE lets you run these types of scans: A total of 610 scripts are available for users. The default path of the location where the Nmap Scripting Engine scripts are stored is This allows users to quickly locate and…

Burp Suite is a renowned tool used by cybersecurity professionals for web security testing. It is built on a Java-based framework and is developed and maintained by PortSwigger. Burp Suite can be used in various areas of cybersecurity, such as Application Programming Interface (API), mobile application, and web application security. It can capture HTTP/HTTPS traffic between a web browser and a web server through a proxy chain. In simpler words, it is similar to an MITM attack. An attacker or a pentester can manipulate the captured requests to find vulnerabilities in the application. This software is used for…

John works in the security team at MiddleMayhem Incorporated. The security team detected unusual network traffic to their admin portal. However, no security breaches have been confirmed. John got SIEM logs about the incident from his team. He has to analyze the attack pattern to determine how the attackers bypassed authentication, achieved remote code execution, and moved laterally across the network.

Lab Information

Difficulty: Easy | OS: Linux | Points: 25 | Created By: BTLO

MiddleMayhem Website

The MiddleMayhem company’s website is already bookmarked. Now, let’s go check the website. If we examine the footer, we can see that the website uses the JavaScript framework Next.js 15.0.0. While looking…

In cybersecurity, organisations use security frameworks and controls to protect against threats, risks, and vulnerabilities. Frameworks include the NIST Risk Management Framework (NIST RMF), the Cybersecurity Framework (CSF), the CIA triad, and others. Most security frameworks can be applied to any organisation, regardless of its size (small, mid-sized, or large), to protect its assets, data, and operations. Different frameworks apply to various sectors, such as HIPAA for healthcare and PCI DSS for finance. Organisations can tailor a security framework to make it easier or more suitable for themselves. In this article, we will discuss security frameworks and controls,…

The most dangerous exploit of all time is a zero-day vulnerability or an unexplored complex virus in cyberspace. As the name suggests, scheduled tasks exist to schedule a task and run it on time without any problems. What if a seemingly harmless Windows feature could be your system’s most significant security risk? Confusing, right! Why don’t we start from the beginning? Whether it’s Windows Task Scheduler, Linux cron tasks, or macOS launchd, attackers have developed innovative ways to exploit these systems. By exploiting scheduled tasks, an attacker may gain long-term access, conduct stealthy operations, and implement powerful automation. This article explores…

In today’s digital world, users rely on search engines like Google, Yahoo, or Yandex. But there are also a few search engines used mainly by cybersecurity professionals, security analysts, and other IT employees. Shodan is a search engine that reveals everything connected to the Internet, from small smartwatches to large smart TVs.

What is Shodan?

Shodan is a search engine that finds devices connected to the Internet, some of which are openly accessible without login credentials. Shodan was created by John Matherly in 2009. Although Shodan is an essential tool for cybersecurity experts, hackers may find it to be a…

In this era, phishing scams are widespread. Every hour, someone somewhere in the world is being scammed. Nothing is safe, from your inbox to your phone, and even social media. Below, we’ll explore 10 common phishing scams you have probably seen before, how they work, and what red flags to watch for. The government, banks, and other agencies are spreading awareness to prevent people from falling for them, but human nature sometimes leads people to ignore the warnings. These scammers are becoming increasingly clever and evolving with technological advancements.

The Classic Email Phishing Scam

This method is easy and one of the oldest ways to…

Understanding Custom Domains in Cyberattacks

Hackers often register brand-aligned or innocuous custom domains (like microsoft-updates-secure.com) to craft emails that appear legitimate. These domains come with a new domain age, an untainted reputation, and control over DNS records. By setting SPF and DKIM, hackers can make emails appear authenticated to filters, even when trust has not yet been established. New registrations often aren’t on block lists. That fresh status helps these domains slip through spam filters and threat intelligence checks that rely heavily on historical data.

Google Workspace Trial Accounts – A Hacker’s Playground

The 14-day Google Workspace trial provides attackers…

NIST Cybersecurity Framework 2.0 is a set of best practices and guidelines designed to help organisations understand, manage, and reduce their cybersecurity risk. It was created by the US National Institute of Standards and Technology (NIST). It’s a go-to framework for organisations of any size, from small to large, and does not require much technical background. For a non-technical business owner, the framework can break down a complex topic into something manageable. For example, the NIST Cybersecurity Framework 2.0 works like a GPS that provides directions to help you reach your destination. In cybersecurity, it provides a step-by-step process for the safety of data…
