Top 10 Vulnerabilities of 2020

As we come close to the end of the year, it is interesting to analyze the vulnerability data to get an idea of what security issues were most commonly exploited in the year. Understanding this data can help us focus on critical and common issues to harden our application.

Note: The products mentioned in this article are not necessarily insecure, but rather large, complex projects that are frequently used and frequently targeted by attackers. It is important to be aware of security vulnerabilities in products; those that report the most vulnerabilities often end up being the most secure.

Analysis Methodology

All of…


Musical notation is a set of symbols that we use to communicate the sounds we want a player to create on their instrument. It can be seen as the language of music and is core to understanding most topics in music theory. We will start this article by seeing how notes are arranged on the piano. After this, we can naturally extend our understanding of the piano to theory, as well as any other instrument we might want to consider.

The Layout of the Piano

The piano consists of a set of (often 88) keys, each tuned to a specific note. In music, we…


An example graph

A graph is a structure used to represent how two or more objects connect to each other. Many problems in the computer science realm use graph representation, and as such, many algorithms revolve around efficiently finding properties in graphs. Before learning graph algorithms, it is important to understand what a graph is, and how it can be represented in code.

A graph consists of a set of vertices (or nodes), typically referred to as V, as well as a set of edges, typically referred to as E. Consider the graph below.


A stack is a set of items stored using a last-in, first-out (LIFO) policy. This means that the last thing inserted into the stack is the first thing removed from it. We can think of a stack like a stack of dinner plates. When we place a plate onto the stack, we place it on the top, and when we want to take a plate off the stack, we also remove it from the top. This is the same sort of structure we wish to implement with a programming stack.



Looking to learn computer security and ethical hacking? Check out my course here: https://scott-s-school-51c9.thinkific.com/courses/introduction-to-ethical-hacking-and-penetration-testing. For $100, you can gain access to over 40 video tutorials discussing vulnerabilities, using Kali Linux, and Android based exploitation techniques!

Recently, SaltStack published a release regarding two vulnerabilities found in their product, CVE-2020-11651 and CVE-2020-1162. Attackers could use these two CVEs either to remotely execute code or to disclose sensitive data from the server. Many organizations were using SaltStack for server orchestration, and as such, many organizations were compromised by these vulnerabilities (most notably Cisco: https://threatpost.com/hackers-compromise-cisco-servers-saltstack/156091/).

As security researchers, we often want…



The process of ethical hacking can be broken down into 5 main phases. These phases are:

1. Reconnaissance

2. Scanning

3. Gaining Access

4. Maintaining Access

5. Covering Tracks

In this article, I will walk through each of the phases to give a general overview of what each phase entails.

Phase 1: Active and Passive Reconnaissance

Passive reconnaissance is the act of gathering information about a potential target without the target’s knowledge, whereas active reconnaissance involves probing networks which can increase risk of detection by the target. There are many different methods of reconnaissance utilized by attackers to help find vulnerable…


Photo by NESA by Makers on Unsplash

Hackers can generally be divided into three groups: white hats, black hats, and gray hats. White hats are ethical hackers who use their skills to help defend a system from malicious users. Black hats are malicious hackers who use their skills for illegal or malicious purposes. Gray hats stand in the middle of white and black hat hackers. They work offensively and defensively, but do not strictly stay on one side of the spectrum.

When a company wants to evaluate the security of their systems and products, they need someone who has a knowledge of…


This article will explain to you the fundamentals of XXE vulnerabilities. When a server parses XML data provided by a user, there is a risk of XXE vulnerabilities. These vulnerabilities typically leverage external entities to expose sensitive information stored on the server. This is possible due to a feature known as XML external entities. These are a type of custom XML entity that can load values from outside of the document they are defined in. This means that an attacker can declare a path to a file or a URL, and the server will attempt to retrieve this data…


Interested in learning more about bug bounties and ethical hacking? Check out my course at: https://www.udemy.com/course/the-complete-guide-to-bug-bounty-hunting/

What is WFuzz?

WFuzz is a command line utility included in Kali Linux. It is used to discover common vulnerabilities in web applications through the method of fuzzing. Fuzzing is the concept of trying many known vulnerable inputs with a web application to determine if any of the inputs compromise the web application. It is a great tool to be able to quickly check common vulnerabilities against an application. …


My video explanation of detecting and patching Ghost Cat

The Ghost Cat vulnerability is a new vulnerability that is gaining traction. In this article, I will describe the vulnerability, the impact, and what can be done to fix the vulnerability on Tomcat servers.

What is Ghost Cat?

Image from https://www.chaitin.cn/en/ghostcat

Ghost Cat is a vulnerability that affects Apache Tomcat. It currently affects versions before 9.0.31, before 8.5.51, and before 7.0.100. It is caused by an insecure configuration of the AJP protocol in the default installation of Tomcat, which lets attackers cause information disclosure and potentially remote code execution.

What is…

Scott Cosentino

Computer programmer specializing in security. My blog: www.scprogramming.com
