BestHub
Sign in
Tagged articles
20 articles
Page 1 of 1
Black & White Path
Black & White Path
May 27, 2026 · Information Security

Five AD Permission Misconfigurations That Let Attackers Escalate to Domain Admin Without Exploits

The article explains how misconfigured Active Directory DACL entries enable five distinct privilege‑escalation paths—ForceChangePassword, FullControl on Domain Admins, DCSync, WriteMembers, and GUID‑based ACE writes—demonstrating each step with impacket commands, showing detection events, and offering concrete defense recommendations.

Active DirectoryBloodHoundDACL
0 likes · 17 min read
Five AD Permission Misconfigurations That Let Attackers Escalate to Domain Admin Without Exploits
Black & White Path
Black & White Path
May 8, 2026 · Information Security

How Ukrainian Cyber Warriors Use Zapper to Hide Malicious Linux Processes

Zapper, a Linux process‑hiding tool created by Hacker’s Choice, runs without root, manipulates the ELF auxiliary vector via ptrace, hides command‑line arguments, environment variables and child processes with negligible overhead, and has been observed in real Ukrainian cyber‑war operations, prompting specific defensive recommendations.

DefenseELF auxiliary vectorLinux security
0 likes · 10 min read
How Ukrainian Cyber Warriors Use Zapper to Hide Malicious Linux Processes
Black & White Path
Black & White Path
May 4, 2026 · Industry Insights

How the US Military Turned AI Into a Full‑Stack War Engine

In just three months the US Pentagon shifted from publicly rejecting AI weaponization to signing contracts with eight leading tech firms, creating a four‑layer AI‑driven closed loop that makes AI the central brain of modern warfare and grants it access to top‑secret IL‑6 and IL‑7 networks.

AI contractsAI ethicsAI warfare
0 likes · 9 min read
How the US Military Turned AI Into a Full‑Stack War Engine
Big Tech Senior
Big Tech Senior
Mar 24, 2026 · Interview Experience

Top Defense Skills Needed for Promotion in Big Tech Companies

The article outlines the five most common question categories faced during promotion defenses at large internet firms and offers concrete preparation tips, example answer structures, and strategies for engaging interviewers to boost confidence and success.

DefenseInterviewbig tech
0 likes · 4 min read
Top Defense Skills Needed for Promotion in Big Tech Companies
Black & White Path
Black & White Path
Feb 23, 2026 · Information Security

Stop Random Brute‑Force: The Complete Guide to Internal Network Credential Collection

This article provides a step‑by‑step technical guide for gathering internal network credentials—including Windows memory dumping with Mimikatz, Linux /etc shadow extraction, network service scanning with SharpScan, Kerberoasting attacks, password‑spraying tactics, and defensive recommendations—targeted at authorized penetration‑testing scenarios.

DefenseKerberoastingMimikatz
0 likes · 24 min read
Stop Random Brute‑Force: The Complete Guide to Internal Network Credential Collection
Black & White Path
Black & White Path
Feb 21, 2026 · Information Security

When Search Engines Turn Into Poison: SEO‑Based Malware Targeting Chinese Users

FortiGuard Labs reveals a sophisticated SEO poisoning campaign that lures Chinese Windows users to fake software sites, delivers hidden Hiddengh0st and Winos malware, employs anti‑analysis tricks, establishes persistence, and exfiltrates data, while the article breaks down the full attack chain and offers practical defense steps.

DefenseInformation SecurityPersistence
0 likes · 7 min read
When Search Engines Turn Into Poison: SEO‑Based Malware Targeting Chinese Users
Lobster Programming
Lobster Programming
Jan 19, 2026 · Information Security

How CSRF Attacks Exploit Trusted Sessions and How to Defend Them

This article explains the principle and step‑by‑step flow of Cross‑Site Request Forgery attacks, illustrates common exploitation techniques such as forged GET/POST requests and click‑bait links, and outlines practical defenses including POST usage, HttpOnly cookies, CSRF tokens, and double‑submit cookie validation.

CSRFCross-Site Request ForgeryDefense
0 likes · 6 min read
How CSRF Attacks Exploit Trusted Sessions and How to Defend Them
Java Tech Enthusiast
Java Tech Enthusiast
Sep 1, 2024 · Information Security

XSS Defense in Spring Boot Applications

The article explains how to protect Spring Boot applications from XSS attacks by using custom annotations such as @XSS with an XssValidator and by implementing a request‑filter chain—including XssFilter and XssWrapper—to sanitize input, demonstrating through tests that both approaches reliably secure user data.

DefenseJavaSecurity
0 likes · 14 min read
XSS Defense in Spring Boot Applications
Open Source Linux
Open Source Linux
Dec 15, 2023 · Information Security

Understanding Ransomware: Types, Attack Methods, and Effective Defenses

This article explains what ransomware is, outlines its main variants such as encryption‑based, lock‑screen and doxware ransomware, describes common infection vectors like brute‑force, phishing and exploit kits, and provides practical network‑ and host‑side defenses as well as response steps if an attack occurs.

DefenseInformation SecurityRansomware
0 likes · 9 min read
Understanding Ransomware: Types, Attack Methods, and Effective Defenses
21CTO
21CTO
Aug 20, 2023 · Information Security

India’s Maya OS: A Homegrown Secure OS to Safeguard Defense Networks

India’s Ministry of Defence is rolling out Maya OS, a domestically‑developed, Ubuntu‑based operating system with built‑in full‑disk encryption, intrusion detection, sandboxing, and the Chakravyuh endpoint protection suite, aiming to replace Windows on all connected military computers by year‑end.

DefenseEndpoint ProtectionIndia
0 likes · 5 min read
India’s Maya OS: A Homegrown Secure OS to Safeguard Defense Networks
System Architect Go
System Architect Go
Mar 3, 2021 · Information Security

HTTP Request Smuggling

This article explains what HTTP request smuggling is, how the vulnerability arises from conflicting Content‑Length and Transfer‑Encoding headers, describes common CL.TE, TE.CL and TE.TE attack patterns, and outlines detection techniques and defensive measures for modern web infrastructures.

AttackDefenseHTTP
0 likes · 29 min read
HTTP Request Smuggling
System Architect Go
System Architect Go
Mar 1, 2021 · Information Security

How Attackers Exploit Directory Traversal and How to Defend Against It

This article explains what directory (path) traversal is, demonstrates how attackers can read or write arbitrary files on a server by manipulating file‑path parameters, outlines common bypass techniques, and provides concrete defensive coding practices to mitigate the vulnerability.

DefenseVulnerabilityWeb Security
0 likes · 6 min read
How Attackers Exploit Directory Traversal and How to Defend Against It
Full-Stack Internet Architecture
Full-Stack Internet Architecture
Oct 12, 2020 · Information Security

Comprehensive Summary of XSS (Cross‑Site Scripting) Attacks and Defenses

This article provides a comprehensive overview of Cross‑Site Scripting (XSS), explaining its definition, dangers, underlying mechanisms, classification into stored, reflected, and DOM‑based types, common injection vectors, and practical defense strategies, while also addressing common questions and resources for further learning.

Cross-site scriptingDefenseInformation Security
0 likes · 11 min read
Comprehensive Summary of XSS (Cross‑Site Scripting) Attacks and Defenses
360 Smart Cloud
360 Smart Cloud
Nov 21, 2019 · Blockchain

Ethereum RPC Attack Methods and Defense Recommendations

This article outlines multiple Ethereum RPC attack techniques—including unlock‑account hijacking, miner‑address manipulation, brute‑force, offline, and zero‑fee attacks—provides detailed attack flow diagrams, code‑path references, recent honeypot statistics, and practical defense measures to secure RPC endpoints.

AttackBlockchainDefense
0 likes · 8 min read
Ethereum RPC Attack Methods and Defense Recommendations
Tencent IMWeb Frontend Team
Tencent IMWeb Frontend Team
Apr 9, 2017 · Information Security

Why Front‑End and Back‑End Security Must Work Together

The article reexamines web security as a holistic system, explaining attack goals, targets, and methods across browsers, transport channels, and servers, and shows how coordinated front‑end and back‑end defenses such as encryption, signing, and input validation are essential to protect the whole web stack.

DefenseWeb Securityattack vectors
0 likes · 13 min read
Why Front‑End and Back‑End Security Must Work Together
ITPUB
ITPUB
Jul 22, 2016 · Information Security

How Mining Trojans Hijack Linux Servers: Sample 101 Analysis and Defense

The article examines a cryptocurrency mining trojan (sample 101), detailing its process list, malicious startup scripts, SSH key injection, service deployment, removal steps, and offers practical defense measures against such malware infections.

Cryptocurrency MiningDefenseLinux
0 likes · 7 min read
How Mining Trojans Hijack Linux Servers: Sample 101 Analysis and Defense
Big Data and Microservices
Big Data and Microservices
Mar 28, 2016 · Information Security

Understanding Database SQL Injection: Types, Examples, and Defense Strategies

The article examines why databases are frequent targets of security breaches, explains the most common SQL injection vulnerability, categorizes injection paths, methods, and examples—including manipulation, code, function‑call, and buffer‑overflow attacks—then outlines practical defense measures such as input encryption, database firewalls, and patching.

Code InjectionDefenseInformation Security
0 likes · 14 min read
Understanding Database SQL Injection: Types, Examples, and Defense Strategies
Java High-Performance Architecture
Java High-Performance Architecture
Oct 8, 2015 · Information Security

Understanding XSS: Types, Exploits, and Effective Defenses

This article explains what Cross‑Site Scripting (XSS) is, distinguishes non‑persistent and persistent attacks with real‑world URL examples, and outlines practical defense strategies such as proper escaping, character‑set handling, and content‑type settings to protect web applications.

Cross-site scriptingDefenseXSS
0 likes · 4 min read
Understanding XSS: Types, Exploits, and Effective Defenses