Tag: cybersecurity research
-
Advanced web application fingerprinting with favicon hashes
In this blog, I cover leveraging favicons to fingerprint the technology that powers any given web application. Favicons can help group similar applications together, as well as pinpoint the technical stack behind the application.
-
Exploiting CI / CD Pipelines for fun and profit
In today’s world of fast-paced development and continuous integration, security vulnerabilities can be easy to overlook. Recently, I discovered a severe exploit chain, starting from a publicly exposed .git directory, which led to a full server takeover. This blog will walk through the chain of events, outlining how each weak point compounded the issue.