Developing Like A Pentester – (And How To Reproduce Any Vulnerability)
Application
Pentesting User Interfaces: How to Phish Any Chrome, Outlook, or Thunderbird User
In this blog post, we demonstrate how graphical user interfaces could be vulnerable to spoofing attacks by using certain Unicode characters.
Application
5 Tips for selecting a penetration testing company in 2020
Selecting a penetration testing company can be a pain. Here are five important tips to ensure your penetration testing vendor will set you up for success.
Network
Evading Antivirus with Better Meterpreter Payloads
Ever have meterpreter shells consistently fail? Anti-virus products may be causing your penetration tests to fall flat. By using unique encoded meterpreter shells you can avoid AV and elevate your penetration tests.
Application
Tale of a Wormable Twitter XSS
This is a tale of how we found a wormable XSS on Twitter, and how we managed to fully bypass its CSP policy.
Network
AWS Penetration Testing Part 2. S3, IAM, EC2
Unlike ACLs and bucket policies, IAM policies are targeted at IAM users/groups instead of S3 buckets and objects.