Collaborate Disseminate
I am doing the PortSwigger CSRF lab, where the token is tied to a non-session cookie, the solution to this is that we set a cookie to the users’ browser through the search field which sets the search query to set cookie
and then do a POST … Continue reading cant set cookie from request to another domain, chrome third party cookies phaseout
I am a intermediate pentester who will soon be conducting a engagement with a hospice. This is my first engagement with a network where HIPAA is involved, and I am researching how this may affect my statement of work. My research so far ha… Continue reading How does a pentesting engagement change under HIPAA?
I am doing a security audit on a command line tool. The tool is java based and it runs on the server side, it collects some info and generate a report at the end of the run.
This tool can run nevertheless of which user has run this, so any… Continue reading how to apply authentication/authorization on CLI tools
I opened the PentestBox, it said it was like this("Code 267" on PentestBox like at image). What should I do to fix it or what to do next.
I hope everyone can help me know how to solve this problem
Continue reading How to fix the error "Code 267" on PentestBox? [closed]
I am a (modest) pen-tester on a team of a few. I am relatively new to my pen-testing career (a few years in) but I really enjoy it; it is very interesting.
We have just admitted a new, young pen-tester in our group, who, if I’m being compl… Continue reading A pen-tester on my team caused major database damage to a client- what should we do? [closed]
A client did an unannounced penetration test on our platform (SaaS, multi-tenant).
The first test, they made an extreme number of requests in a short amount of time. It was not logged in and was unannounced so I first thought it was a DDOS… Continue reading A client did an unannounced penetration test on our platform
Is there any way to save half dumped output in csv file or in table format in sqlmap?
Look below image for better understanding. The target is boolean based blind injection vulnerable. For sure this injection takes hell of a time for large… Continue reading sqlmap –dump csv file output problem for Large database
How penetration are tests usually conducted? I am learning some testing techniques like XSS, SQLi, Path traversal, etc. In each technique, there are many different possibilities, where only one might work. I can’t imagine how long the test… Continue reading How is a penetration test of a web application performed in reality?
I am new to JTR and am currently trying to crack some passworts I generated.
Because I am new to JTR, I wanted to start by hashing a simple password like "Cat", write it in a file named pw.txt and then crack the password with Joh… Continue reading John the Ripper not working properly
I am trying to find explicit recommendations on the frequency of penetration testing, if possible in an industrial environment.
I looked in ISO/IEC 27001, NIST SP 800-115 but could not find any information on this except that "It depe… Continue reading How often should one order a pentest?