DSecured Knowledge

Articles and blog posts

Here you will find all the articles and blog posts of the DSecured team. We write about current topics that concern us and that we consider important.

5

Articles live

Focus

Offensive Security

Current

New Articles

View Latest Articles To the Glossary

Cyber Security Blog

Recommended

Spring Boot Actuator - Using misconfigurations to your advan...

Regular

New Insights

Spring Boot Actuator - Using misconfigurations to your advantage: paths, bypasses, techniques

Featured article

Writeups

Spring Boot Actuator - Using misconfigurations to your advantage: paths, bypasses, techniques

by Damian Strobel Sep 30, 2025

This article shows how misconfigured Spring Boot Actuator endpoints can be exploited in penetration tests or bug bounty programs. It covers discovery methods beyond /actuator/, the use of special headers (e.g., X-Forwarded-For), path traversal and semicolon bypasses, and access to critical endpoints such as mappings, metrics, httptrace, or heapdump. Practical examples are used to explain how attac...

WordPress hacked: How to find most backdoors in the code

Writeups Oct 14, 2025

WordPress hacked: How to find most backdoors in the code

Every day, thousands of websites are presumably infected with malware. These sites in turn distribute viruses and trojans to unsuspecting visitors. In addition, infected pages and serv...

Does WordFence protect my WordPress site as well as everyone claims?

Writeups Oct 14, 2025

Does WordFence protect my WordPress site as well as everyone claims?

In my daily work, I keep encountering clients who rely too heavily on WordFence and similar tools. What’s missing is the understanding that even though everything seems perfectly secured, they still g...

How-to: Removing malware and backdoors from WordPress

Writeups Oct 14, 2025

How-to: Removing malware and backdoors from WordPress

If a WordPress installation is compromised after a successful attack, there are two options - either you delete everything and start from scratch, later import the database and your files a...

Spring Boot Actuator - Using misconfigurations to your advantage: paths, bypasses, techniques

Writeups Sep 30, 2025

Spring Boot Actuator - Using misconfigurations to your advantage: paths, bypasses, techniques

This article shows how misconfigured Spring Boot Actuator endpoints can be exploited in penetration tests or bug bounty programs. It covers discovery methods beyond /actuator/, the use of special head...

How important is it to perform penetration testing to comply with GDPR?

Data Privacy Oct 11, 2023

How important is it to perform penetration testing to comply with GDPR?

Understanding GDPR and Its Requirements The General Data Protection Regulation (GDPR) is a stringent data protection regulation that came into effect on May 25, 2018. It is designed to improve and un...