blog

Our latest Blogs

Explore our latest blog posts and stay secure in a digital world.

GraphQL Penetration Testing
February 21, 2022
Pentests

We have had a couple of penetration test engagements that involved GraphQL endpoints. At first, it looked complex and we sketched out the methodology and approach to perform the penetration test. Here’s how it went,

Leveraging Log4j Exploit to Domain Administrator
January 11, 2022
Pentests

We recently performed another internal network assessment with the goal to gain Domain Administrator access on the target network. We had unauthenticated access to the network, i.e. unauthorized user or an internal attacker onto the user LAN.

Tools, Techniques & Processes: From Zero to Domain Administrator
November 24, 2021
Pentests

We recently performed an internal network penetration test for a large enterprise with up to 3 domains and 2000+ hosts. We had zero knowledge of the target network (as an attacker would have) and were placed onto the user VLAN with unauthenticated access.

Utilizing Metasploit Database in Network Pentest
February 12, 2019
Pentests

What’s the first thing come to your mind when you think of doing network pentest of over 1000 IPs in couple of weeks? Is it really possible? Answer is YES!!!

ColdFusion 10 Remote File Disclosure Exploit
April 12, 2016
Pentests

ColdFusion had several exploits in the past. ColdFusion 10 being the latest and stable release from Adobe it was hard to find any ready exploits.

Catching Back Doors through Code Reviews
July 18, 2014
Pentests

Off late, code reviews have been gaining a lot of popularity. Organizations which till recently were content with a secure network and an occasional Penetration Test are now getting their application’s code reviewed before going live.

Local Data Storage Analysis with iOS Simulator
June 30, 2014
Pentests

There have been times when a penetration tester is not able to install iOS application on a physical device while performing iOS application security assessment. This can happen due to various reasons

Exploiting SSH key based authentication
May 23, 2014
Pentests

This is rather be a quick post and intended to be a reference note for me (and you all).

Subscribe to our newsletter

Join our newsletter today and enhance your knowledge with valuable insights. It's quick, easy, and free!

Be a Team Player
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.