penetration-test – Page 13 – WindowsTechs.com

Intercept and modify Server-Sent Events (EventSource API)

Posted on September 22, 2021 by GarlicCheese

I’m working with a web application using Server-Sent Events (SSE, EventSource API), similar to WebSockets. However, none of the commonly penetration test tools seem to fully support this.
I’ve tried Burp Professional, OWASP ZAP and mitmpro… Continue reading Intercept and modify Server-Sent Events (EventSource API)→

Requiring Google Mobile Service token

Posted on September 20, 2021 by D.Rek

I’m pentesting an android application written in Cordova and while inspecting the network traffic I found some interesting endpoint that I would like to test.
However, this endpoint need a tokenID (ex. eyJ[…].eyJ[…]) and I don’t know w… Continue reading Requiring Google Mobile Service token→

Is it possibile to interact with firebase database using credentials obtained from an APK?

Posted on September 19, 2021 by D.Rek

during the static analysis while pentesting an android application I found the following information to connect to a firebase instance.
<string name="google_app_id">1:**REDACTED**:android:**REDACTED**</string>
<str… Continue reading Is it possibile to interact with firebase database using credentials obtained from an APK?→

Should analytics cookies be HttpOnly?

Posted on September 16, 2021 by 1488

Should ga gid gat and Fbp cookies be flagged as Secure and HttpOnly?
Is there a way an attacker can use them if accessed?

Continue reading Should analytics cookies be HttpOnly?→

What are all the services that are shown in the output of nmap ? Are they safe? [closed]

Posted on August 28, 2021 by zolfa

I am trying to find out all the vulnerabilities associated with my application and data server (both on the same machine). So I’ve decided to run nmap to see all the ports and other information that an invader could gain to attack my serve… Continue reading What are all the services that are shown in the output of nmap ? Are they safe? [closed]→

Why is it not worth to exploit a search function on a website

Posted on August 2, 2021 by new-to-networking

I have a website that has a search function that uses the GET method.
It returns in the url that "www.xxx.com/query?=something"
Would like to seek opinions on why such a function is not worth exploiting or exploring even though t… Continue reading Why is it not worth to exploit a search function on a website→

cannot connect to wifi in the captive portal stage in fluxion?

Posted on July 31, 2021 by Question

so while using fluxion, something strange (maybe not) happened,i’ve captured the handshake and try to penetrate the same wifi with a captive portal attack, fluxion created a duplicate wifi ,that’s supposedly to be the trap, waiting waiting… Continue reading cannot connect to wifi in the captive portal stage in fluxion?→

What’s your preferred way to hack WiFi? [closed]

Posted on July 30, 2021 by Question

I’ve tried newbie stuff to penetrate WPA/WPA2. Tried aircrack suite, fluxion, oneshot but no success. So I thought the blogs I’ve read are a bit old and just for SEO things, and the stuff that actually works is known between professionals…. Continue reading What’s your preferred way to hack WiFi? [closed]→

Does Windows Server ship with any sensitive images in the filesystem?

Posted on July 27, 2021 by Daniel

I’m working with an interesting vulnerability I found which enables local file inclusion (LFI) on a target server. In summary, there is a PDF generation API endpoint which accepts an HTML string as input. In return, it will render the HTML… Continue reading Does Windows Server ship with any sensitive images in the filesystem?→

Why Do Ransomware Attacks Keep Happening

Posted on July 23, 2021 by Digital Defense Inc.

The post Why Do Ransomware Attacks Keep Happening appeared first on Digital Defense, Inc..
The post Why Do Ransomware Attacks Keep Happening appeared first on Security Boulevard.
Continue reading Why Do Ransomware Attacks Keep Happening→