What Is Nuclei? Nuclei is a powerful open-source vulnerability scanner written in Golang. Aside from its excellent performance, it is a highly customizable tool due to its integration with YAML […]
Burp Suite Macros If you’ve performed web application pentests with Burp Suite for a while, you’ve certainly come across applications that don’t play nicely with Burp Suite’s out-of-the-box scanning. Perhaps […]
Cross-Origin Resource Sharing On a recent penetration test, we found an interesting misconfiguration that allowed us to use a CORS attack to steal session tokens directly. This made account compromise […]
SSRF Attack We recently came across a privilege escalation attack avenue during a web application / thick client penetration test. In this blog post, I will be talking about a […]
Welcome to another installment of Unauthenticated! In this post, we will look at a recent web application penetration test where an XML external entity (XXE) expansion vulnerability was exploited without […]
What separates a tool from a tester? Read White Oak Security’s blog about pentesting web apps efficiently through Burp Suite Config Library with scan profiles.
Before we get into the nuts and bolts of this post, I need to provide a little background. The COVID-19 pandemic has brought a number of changes to our day […]
While researching daycare software online we identified multiple providers / companies that offered daycare software. In this instance we looked at an application that was configured worse than the first […]
As my wife recently started an at-home daycare, we have done testing of different child activity tracking applications that provide parents with updates about their child throughout the day (e.g. […]
New security breaches are occurring on an almost daily basis. Attackers often gather breach data in search of attacking valid user accounts on other websites, such as the 773 million […]
