Apple iOS 13 Device Setup for Penetration Testing
[HERE’S A COMPANION POST ON SETTING UP AN ANDROID DEVICE FOR PENETRATION TESTING] One of the initial challenges of performing an iOS mobile application penetration test is getting a suitable […]
In the last few blogs in this series (part 1 & part 2) we worked through scenarios making use of the ActiveX controls InkPicture and WMPlayer to trigger macro execution. […]
Overview: While performing security tests against web applications or network infrastructures, I often come across web servers with directory listing enabled. What is directory listing, you say? “Web servers can […]
In the previous blog in this series, we worked through a scenario making use of the ActiveX control InkPicture to trigger macro execution. Macro execution utilizing the InkPicture object can […]
This is the first in a series of blogs – if you’re interested in reading the full series the links are here: part 1, part 2, part 3, part 4, […]
In my previous several blog posts (here, here, and here) we covered usage of a really interesting tool released about three years ago: the DotNetToJScript project (https://github.com/tyranid/DotNetToJScript). Although it’s been […]
One of the initial challenges of performing an Android mobile application penetration test is getting a suitable test environment set up. One of the easiest ways to do that is to […]
In our last blog we walked through modifying the UnmanagedPowerShell project to produce a version of PowerShellRunner that’s compatible with DotNetToJScript. The end goal in that blog was to execute […]
Last time we went through an overview of the awesome DotNetToJScript project, and why you should be interested in it for your Red/Purple Team testing. In this blog we’ll cover […]
External Service Interaction through DNS or HTTP is one way to identify out-of-band server interaction vulnerabilities (issues where the server will respond to something other than your testing computer). This […]