Shelling It Out

Cybersecurity Blog

  • Web Shells

    March 11, 2021

    Microsoft Exchange has been updated repeatedly in a short span following the January discovery of suspect activity from a reportedly Chinese APT. Several CVEs have been documented, including the use of a Server-Side Request Forgery (SSRF) vulnerability. New scripts are publicly available that can be used to…

  • BOLA is Super-Contagious

    February 10, 2021

    Given the choice of having IDOR or BOLA, which do you think is preferred? The correlation with Ebola Virus Disease aside, it should be noted that IDOR and BOLA are one and the same. IDOR (Insecure Direct Object Reference) and BOLA (Broken Object Level Authorization) are abbreviations reserved for manipulating object IDs via APIs…

