• Services
  • Blog
  • Knowledge Base
  • Contact

KNOWLEDGE BASE

Application Penetration Testing AWS Pentesting DevOps Security Encryption Network Penetration Testing Pentesting Fundamentals Windows Hardening

Application Penetration Testing

  • Cross-domain Referer Leakage
  • Pentesting Basic Authentication
  • Username Enumeration
  • iOS Frida Objection Pentesting Cheat Sheet
  • URL Redirection – Attack and Defense
  • Jailbreaking iOS 13 with unc0ver
  • X-Runtime Header Timing Attacks
  • wkhtmltopdf File Inclusion Vulnerability
  • API Mass Assignment Vulnerability
  • Web Server TRACE Enabled

AWS Pentesting

  • HTTP Request Smuggling (AWS)
  • Create an AWS Read-Only Access Token
  • ScoutSuite Quickstart
  • Protecting S3 buckets using IAM and KMS
  • Misconfigured S3 Bucket
  • S3 Storage Does Not Require Authentication

DevOps Security

  • Securing Travis CI

Encryption

  • SSH Weak Key Exchange Algorithms Enabled
  • SSH Weak MAC Algorithms Enabled
  • TLS 1.0 Initialization Vector Implementation Information Disclosure Vulnerability
  • OpenSSL ‘ChangeCipherSpec’ (CCS) MiTM Vulnerability
  • Null Ciphers Supported
  • ‘Export Ciphers’ Enabled

Network Penetration Testing

  • F5 BIG-IP Cookie Remote Information Disclosure
  • DNS Server Dynamic Update Record Injection
  • rlogin Service Enabled
  • Unauthenticated MongoDB – Attack and Defense
  • SNMP ‘GETBULK’ Denial of Service
  • Responder / MultiRelay Pentesting Cheatsheet
  • NTP Mode 6 Vulnerabilities
  • Cisco Information Disclosure (CVE-2014-3398 – CSCuq65542)
  • SSH Tunneling for Pentesters
  • .NET Handler Enumeration
  • TLS_FALLBACK_SCSV Not Supported
  • PHP Easter Eggs Enabled
  • MySQL Multiple Vulnerabilities
  • Debian Predictable Random Number Generator Weakness
  • Cisco IKE Fragmentation Vulnerability

Pentesting Fundamentals

  • GET vs POST
  • Cache Controls Explained
  • Cookie Security Attributes
  • Essential Wireshark Skills for Pentesting
  • Testing Cookie Based Session Management

Windows Hardening

  • Resolving “Windows NetBIOS / SMB Remote Host Information Disclosure” (2020)
  • Services
  • Blog
  • Knowledge Base
  • Contact
Looking for a better
penetration test?

Make an appointment with an expert today

    Request a meeting invite? (EDT)

    Contact ASAP3:00 PM Today4:00 PM Today1:00 PM Tomorrow3:00 PM TomorrowOther / Just Send Info