Discovering vulnerable endpoints on API / Websites

Introduction

Recently we had to do a security audit on a client’s API. However, the documentation was very poor. After using some basic tools such as Zed Attack Proxy or Golismero. The report though kept haunting me for one reason: when I was working on the API, I realized that the error page had some […]

Dolohen WordPress Malware

Preface

While recently maintaining a WordPress website for a client, I came across a weird piece of code which caught my attention: <script type="text/javascript" src="https://dolohen.com/apu.php?zoneid=2285981"> I was able to see this referenced script through my personal web crawler: Kraken. The tool is not yet available to the public as I am finishing a few touches but […]
