Collaborate Disseminate
I am learning thick client pentesting. In "File Testing" category, we have a vulnerability called "Framework backdooring". I tried googling the term but could not find any useful resources.
I would like to understand wh… Continue reading Framework backdooring vulnerability in thick client applications [closed]
It was hard to find papers on the applications of logical paradoxes(such as how Turing’s proof of the halting problem) or automata theory on penetration testing or exploit discovery. What are some projects one could work on to delve furthe… Continue reading What are some applications of automata theory and logical paradoxes on penetration testing and exploit discovery? [closed]
I am penetration tester. I am struggling to check for UNC path injections in the web apps because of the environment that I am in. I am conducting a pentest of a web app in my company’s local network. I am using a Windows 10 Host machine a… Continue reading UNC Path Injection Testing over NAT
I am penetration tester. I am struggling to check for UNC path injections in the web apps because of the environment that I am in. I am conducting a pentest of a web app in my company’s local network. I am using a Windows 10 Host machine a… Continue reading UNC Path Injection Testing over NAT
I am running a pentest on a web application, and I detected a vulnerability but I am not sure how to report it. I am confused if I should split it or document it as 1 finding. I will explain below.
So the finding is, a JWT token with large… Continue reading How to report related findings in a pentest report
I am running a pentest on a web application, and I detected a vulnerability but I am not sure how to report it. I am confused if I should split it or document it as 1 finding. I will explain below.
So the finding is, a JWT token with large… Continue reading How to report related findings in a pentest report
Firstly, a quote from a good article about the importance of memory safety by memorysafety.org:
How common are memory safety vulnerabilities?
Extremely. A recent study found that 60-70% of vulnerabilities in iOS and macOS are memory safet… Continue reading Can and should a penetration test report include an informational note about not having used a (by-design) memory-safe programming language?
I am not very experienced nor do I have acceptable knowledge, that is why I have signed up to work on a small project to gain some experience, where they don’t seem to care about security much.
After running a scan, I noticed that they hav… Continue reading Conducting a proof-of-concept attack on an open MySQL port
While doing an internal assessment, I stumbled upon a very weird looking NTLMv2 hash (I will not use the "Net-NTLM" terminology but I’m talking about the NTLM protocol ) while using Responder with the –lm option (which afaik/wha… Continue reading Impossible NTLMv2 hash format with Responder lm option
We use LUKS/dm-crypt encrypted workstations with long passwords.
But if an laptop is unlocked and booted into Debian, using Xscreensaver then the disk is in an unencrypted state but the keyboard is locked.
My question is, would it be possi… Continue reading How secure is XScreenSaver against physical attacks