Collaborate Disseminate
A client did an unannounced penetration test on our platform (SaaS, multi-tenant).
The first test, they made an extreme number of requests in a short amount of time. It was not logged in and was unannounced so I first thought it was a DDOS… Continue reading A client did an unannounced penetration test on our platform
Is there any way to save half dumped output in csv file or in table format in sqlmap?
Look below image for better understanding. The target is boolean based blind injection vulnerable. For sure this injection takes hell of a time for large… Continue reading sqlmap –dump csv file output problem for Large database
How penetration are tests usually conducted? I am learning some testing techniques like XSS, SQLi, Path traversal, etc. In each technique, there are many different possibilities, where only one might work. I can’t imagine how long the test… Continue reading How is a penetration test of a web application performed in reality?
I am new to JTR and am currently trying to crack some passworts I generated.
Because I am new to JTR, I wanted to start by hashing a simple password like "Cat", write it in a file named pw.txt and then crack the password with Joh… Continue reading John the Ripper not working properly
I am trying to find explicit recommendations on the frequency of penetration testing, if possible in an industrial environment.
I looked in ISO/IEC 27001, NIST SP 800-115 but could not find any information on this except that "It depe… Continue reading How often should one order a pentest?
I am learning thick client pentesting. In "File Testing" category, we have a vulnerability called "Framework backdooring". I tried googling the term but could not find any useful resources.
I would like to understand wh… Continue reading Framework backdooring vulnerability in thick client applications [closed]
It was hard to find papers on the applications of logical paradoxes(such as how Turing’s proof of the halting problem) or automata theory on penetration testing or exploit discovery. What are some projects one could work on to delve furthe… Continue reading What are some applications of automata theory and logical paradoxes on penetration testing and exploit discovery? [closed]
I am penetration tester. I am struggling to check for UNC path injections in the web apps because of the environment that I am in. I am conducting a pentest of a web app in my company’s local network. I am using a Windows 10 Host machine a… Continue reading UNC Path Injection Testing over NAT
I am penetration tester. I am struggling to check for UNC path injections in the web apps because of the environment that I am in. I am conducting a pentest of a web app in my company’s local network. I am using a Windows 10 Host machine a… Continue reading UNC Path Injection Testing over NAT
I am running a pentest on a web application, and I detected a vulnerability but I am not sure how to report it. I am confused if I should split it or document it as 1 finding. I will explain below.
So the finding is, a JWT token with large… Continue reading How to report related findings in a pentest report