The Amazon Scam (COVID-19)
Lately, I have received more phishing emails in my burner (test) email that are related to Amazon than ever before. This probably due to the influx of online shopping driven […]
Author: Brett DeWall
Simple Security Fails (part 5) – Basic Authentication
For those not yet familiar with the Simple Security Fails series – previous posts are located here: part 1, part 2, part 3, part 4 Lately I have tested a […]
Simple Security Fails (part 3) – Exposed Docker Daemon API
This blog post will focus on exploiting exposed Docker daemons. During a recent internal penetration test I discovered an exposed Docker Daemon. By having the daemon exposed outside of the […]
Some Tips for Analyzing Malicious Word Documents
Most people these days have one of those burner email addresses – used for product sign-ups, etc.. I certainly do and that account receives its fair share of phishing emails. […]
CSV Injection – What’s the Risk?
Today we’re going to talk a bit about CSV injection. First of all, what is CSV Injection? “CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input […]
From VEEAM to Domain Administrator
On a recent Internal Penetration Test engagement, I was reviewing some Nessus scan data and came across an “Microsoft Windows SMB Shares Unprivileged Access” finding. As we can see from […]
Simple Security Fails (part 1) – The Directory Listing
Overview While performing security tests against web applications or network infrastructures, I often come across web servers with directory listing enabled. What is directory listing you say? “Web servers can […]
0-Day In A Multi-Million Dollar Machine
Overview I was engaged to perform a mainframe penetration test recently. What is a mainframe? Mainframes are high-performance computers with large memory (RAM) and processors that process billions of simple […]
No-Scoped HP SiteScope
Overview Recently on an internal penetration test engagement I ran into an installation of HP SiteScope. Wikipedia defines HP Sitescope as “agentless monitoring software focused on monitoring the availability and performance of […]
Think Of The Children (part 2 – the Second Born)
While researching daycare software online we identified multiple providers / companies that offered daycare software. In this instance we looked at an application that was configured worse than the first […]