
Core Blog Roundup

Check out what our Core has been up to!

As we look back on Q1, we’re highlighting some of the blogs and contributions our pentesters have made to the security community. Our Core members, as we like to call our pentesters, frequently contribute their expertise in the form of blogs and helpful tips to spread awareness among their security colleagues.

 

Egidio walks us through how ImpressCMS works and how best to use it. ImpressCMS is an open-source Content Management System used for managing multilingual websites.

In March, security researcher Max Kellermann published the vulnerability nicknamed ‘Dirty-Pipe’, which allows an attacker to perform a local privilege escalation. Sheeraz broke down just how this vulnerability works.

Have you heard of Kerberos? It’s a tool that provides secure authentication on an insecure network. Sheeraz walked us through exactly how it functions.

In February, Aditya found a remote code execution vulnerability in the blogging platform Hashnode, which is often used by those in the engineering and developer community. He actually found this vulnerability when he was trying to upload a blog himself. Check out this article from the Daily Swig about the experience.

Armaan wrote a blog about how to exploit DOM-based XSS through a misconfigured postMessage function. This relates to being able to bypass the same-origin policy when working with two sites.

Suraj created a utility for quickly creating HTML smuggled files.

 

 

About Shelby Matthews
Shelby Matthews is a Community Content Associate at Cobalt. She works on content created for the Cobalt Core and content that is about them.