Let’s Talk Wireless Pentesting Equipment
It seems like more and more often I get asked what equipment I utilize for performing wireless penetration tests (802.11 wireless networking). In this post I will talk about the […]
It seems like more and more often I get asked what equipment I utilize for performing wireless penetration tests (802.11 wireless networking). In this post I will talk about the […]
In this blog series coworkers and I will be performing a walkthrough of interesting domain take overs that have occurred during pentest engagements. The first part to this series occurred […]
Weaponizing CVE-2018-19859 Summary On a recent internal penetration test, White Oak Security discovered an outdated version of OpenRefine which is vulnerable to an unauthenticated Zip Slip attack. The vulnerability was […]
This is one part of a series of posts on how to prepare your API for a pentest. The first post was focused on Insomnia. The second was focused on […]
This is one part of a series of posts on how to prepare your API for a pentest. Check back in the near future for additional content. Similar to web […]
Over the past five blogs (part 1, part 2, part 3, part 4, part 5) we’ve covered utilizing event handlers for ActiveX controls to obtain code execution in Office documents, […]
Today we’re going to talk a bit about CSV injection. First of all, what is CSV Injection? “CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input […]
On a recent Internal Penetration Test engagement, I was reviewing some Nessus scan data and came across an “Microsoft Windows SMB Shares Unprivileged Access” finding. As we can see from […]
[HERE’S A COMPANION POST ON SETTING UP AN ANDROID DEVICE FOR PENETRATION TESTING] One of the initial challenges of performing an iOS mobile application penetration test is getting a suitable […]
Overview Recently on an internal penetration test engagement I ran into an installation of HP SiteScope. Wikipedia defines HP Sitescope as “agentless monitoring software focused on monitoring the availability and performance of […]