Clickjacking is a discreet but formidable attack technique. It exploits the user interface to trick victims into interacting with invisible or disguised elements.

A simple click can thus lead to unwanted actions: modification of settings, account theft, or execution of a malicious script.

Object injection is an application vulnerability that occurs when an application deserializes untrusted data.

If an attacker manages to inject a malicious object, he can exploit its properties to execute arbitrary code, steal data, modify the application’s behaviour or manipulate files remotely. In other words, this vulnerability can lead to a total compromise of the targeted system.

Blind SQL Injections are a category of SQL injection. Unlike traditional SQL injections, they do not directly provide the results of queries or detailed error messages.

The attacker must therefore rely on indirect clues, such as changes in the application’s behaviour or variations in response times, to exploit the vulnerability.

Kerberoasting is a common attack in Active Directory environments. It is based on a weakness in the Kerberos protocol, but its exploitation requires specific configurations.

In this article, we will explain how a kerberoasting attack works. We will also look at how to identify and exploit a vulnerable environment, as well as methods for protecting against it.

Although XML is an old language, it is still widely used, particularly in the banking sector. If you’re a pentester or a developer, you’re likely to come across XML at some point.

This format presents a number of specific vulnerabilities, including XPath injections.

Buffer overflow is one of the oldest and most exploited vulnerabilities. Despite this long history, they remain a major threat today.

Whether on servers or critical applications, the consequences of a buffer overflow can be devastating. In this article, we will explore in detail the principles of buffer overflow and the different types of attack. We will also detail the methods of exploitation, as well as the security best practices to protect against them effectively.

Man in the Middle (MitM) attacks exploit network configuration flaws and the absence of robust security mechanisms to guarantee the integrity and confidentiality of exchanged data.

These attacks consist of intercepting and manipulating communications between two parties, generally a client and a server, without their knowledge.

With a good Internet connection and high-performance hardware, users can have the impression that their actions on a web page are instantaneous or almost.

However, it should not be forgotten that a server takes time to process requests. Even if it is a matter of milliseconds, this delay may be of interest to an attacker. These are known as race condition attacks.