SecureLayer7 Lab

SecureLayer7 Lab is an important part of the company. We release most of our research work under this section. The goal of the lab is to share information with readers and to educate them. If you have any questions, please email [email protected].

November 9, 2022

WonderCMS 3.1.3 Vulnerable to Authenticated Server-Side Request Forgery – CVE-2020-35313

Introduction: Robert wants to develop a basic content management system (CMS) because he became sick of all the bloated systems that had too many features and […]
October 28, 2020

OWASP Top 10 Web Application Security Risks: SQL Injection

Injection. What is Injection? Injection, in simple terms, means supplying untrusted input to the application. This untrusted input then gets interpreted by the interpreter considering […]
June 27, 2019

Identifying UART Pins Without a Multi-Meter

As people who like to tinker with hardware, we often find ourselves opening up a device to find UART pins, which are originally meant for debugging […]
February 8, 2018

Web Services and API Penetration Testing Part #2

Welcome readers to Part 2 of Web Services Penetration Testing. In this part, we will take a quick look into the various test cases, tools, and […]
January 9, 2018

Tabnabbing – An art of phishing

This blog is about a technique used by attackers to perform a phishing attack by using Tabnabbing. Although this technique was invented a long […]
January 1, 2018

Intercepting thick clients sans domain: Thick Client Penetration Testing – Part 5

For carrying out penetration testing assessments, our main aim has been to resolve the actual domain to the loopback IP address, by adding an entry to […]
January 1, 2018

Dark Web: Accessing the hidden content Part #2

Using I2P to access the dark web – Part #2 I2P Intro: According to Wikipedia, The Invisible Internet Project (I2P) is an anonymous network layer that allows for peer […]
December 30, 2017

Dark Web: Accessing the hidden content Part- 1

Curiosity towards hidden and unknown things is natural to people. For general folks, the Internet is the existence of websites indexed via popular search engines like […]
December 18, 2017

Fileless malware- the ninja technique to spread malwares using default os tools

What is fileless malware? Fileless malware is not typical malware that probes directly or indirectly to install software on a victim’s machine and then execute. Instead, […]