In my previous blog post, part 1, I covered the basic configuration of the AuthMatrix Burp Suite extension, so we will now move on to some more advanced setups. The […]
In the previous posts, part 1 and part 2, for this blog series we created an environment where we can test directory enumeration tools and adjust rate limiting. Let’s continue […]
Modifying Compiled Java Executables By Editing Bytecode This post will cover the basics of Java Bytecode editing, which allows you to take a compiled Java Executable and make modifications to […]
SSRF Attack We recently came across a privilege escalation attack avenue during a web application / thick client penetration test. In this blog post, I will be talking about a […]
Welcome to another installment of Unauthenticated! In this post, we will look at a recent web application penetration test where an XML external entity (XXE) expansion vulnerability was exploited without […]
Brett uncovers an insecure password reset during a pentest, this post will go through the password reset functionality, what went wrong, & how to fix this issue.
New security breaches are occurring on an almost daily basis. Attackers often gather breach data in search of attacking valid user accounts on other websites, such as the 773 million […]