NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.
NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.

Community (2)

Cobalt Core Academy: Thick Client Pentesting with Harsh Bothra cover image

Cobalt Core Academy: Thick Client Pentesting with Harsh Bothra

Learn about thick client pentests in this Cobalt Core Academy with expert insights from Cobalt Lead, Harsh Bothra.
Pentester Guides Community
May 5, 2023
Est Read Time: 3 min
Read more

Mass Assignment & APIs - Exploitation in the Wild

APIs have become an integral part of many applications, with REST APIs being a popular choice for implementation. However, this popularity has led to security risks, with OWASP API Top 10 identifying vulnerabilities commonly found in APIs, including mass assignment. Harsh Bothra writes about this in his latest blog.
Pentester Guides Community
May 1, 2023
Est Read Time: 6 min
Read more

Pentester Spotlight: Rajanish Pathak

Rajanish Pathak is a Security Researcher from Goa, India, and a member of the Cobalt Core. His passion for cybersecurity was ignited by his curiosity about how systems work and how they can be breached. Read about Rajanish in his pentester spotlight.
Pentester Stories Community
Apr 27, 2023
Est Read Time: 3 min
Read more

Exploiting Buffer Overflow Vulnerabilities: A Step-by-Step Guide (Part 2)

Buffer overflow vulnerability happens when data written to a buffer exceeds its size, which may overwrite important data or execute malicious code. Attackers can exploit these vulnerabilities to gain unauthorized access, execute malicious code, or steal sensitive data. This blog will provide an overview of buffer overflow exploitation, including its causes, consequences, and the methods attackers use to exploit it. It's important to understand the basics before diving into exploitation and steps of buffer overflow.
Pentester Guides Community
Apr 24, 2023
Est Read Time: 18 min
Read more

Hacker Corner Episode 2: Managing a Community of 400+ Hackers

On this episode of Hacker Corner, host Sheeraz Ali sits down with Community Manager Elizabeth Ramirez to talk about managing a community of 400+ hackers.
Community
Apr 19, 2023
Est Read Time: 3 min
Read more

A Pentester’s Guide to Dependency Confusion Attacks

This blog post discusses the concept of "Dependency Confusion" in software development, where malicious code is injected into third-party dependencies, such as libraries or frameworks, that applications use.
Pentester Guides Community
Apr 17, 2023
Est Read Time: 7 min
Read more

Pentester of the Quarter: Shubham Chaskar

Cobalt is excited to announce that Shubham Chaskar is the Q2 Pentester of the Quarter!
Community
Apr 10, 2023
Est Read Time: 1 min
Read more

CSRF & Bypasses

This article discusses Cross-Site Request Forgery (CSRF) attacks, a web security vulnerability where an attacker tricks an authenticated website user into performing an unwanted action, such as transferring funds or changing their email address, by exploiting the user's browser cookies. The article explains how CSRF attacks work and how attackers can bypass CSRF token validation to exploit vulnerabilities in web applications. It also discusses several techniques that can be used to bypass CSRF defense, including removing the referer header, bypassing the regex, and using different Content-Type values.
Pentester Guides Community
Apr 10, 2023
Est Read Time: 8 min
Read more

Dynamic Duo: Dhiraj Mishra & Zubin Devnani

Dhiraj Mishra and Zubin Devnani, two Core Pentesters, have led ten successful fuzzing workshops together and have plans to continue. Read about how they got started in our blog about the Dynamic Duo in the Core.
Pentester Stories Community
Apr 5, 2023
Est Read Time: 2 min
Read more
    1 2 3 4 5