Pentesting Authentication
Pentesting authentication is a critical step of any gray-box pentest. Here we review the steps a pentest should take to assess these controls. The post Pentesting Authentication appeared first on Virtue Security.

Pentesting ELBs – Where Vulnerabilities Hide in Plain Sight
Vulnerabilities affecting ELBs can be easily overlooked. It's critical for pentesters to look out for these AWS features when analyzing an attack surface.

A Pentester’s Guide to Input Validation
Input Validation is a fundamental concept of penetration testing. This guide is written for new pentesters and developers looking to bolster these core skills.

HIPAA Penetration Testing – A Primer for Healthcare Security
Curious about HIPAA requirements and what it means for your pentest? Let's review some technical examples of why pentesting in healthcare is so unique.

Black Box vs. Gray Box vs. White Box Pentesting Explained
Black Box, Gray Box, and White Box pentests have pros and cons. Here we lay out all the differences to help you decide which one fits best.

Developing Like A Pentester – (And How To Reproduce Any Vulnerability)
Reproducing vulnerabilities from a pentest report is a pain, but with just a few simple tips it doesn't have to be.

Pentesting User Interfaces: How to Phish Any Chrome, Outlook, or Thunderbird User
In this blog post, we demonstrate how graphical user interfaces could be vulnerable to spoofing attacks by using certain Unicode characters.

5 Tips for selecting a penetration testing company in 2021
Selecting a penetration testing company can be a pain. Here are five important tips to ensure your penetration testing vendor will set you up for success.

Evading Antivirus with Better Meterpreter Payloads
Ever have meterpreter shells consistently fail? Anti-virus products may be causing your penetration tests to fall flat. By using unique encoded meterpreter shells you can avoid AV and elevate your penetration tests.

Tale of a Wormable Twitter XSS
This is a tale of how we found a wormable XSS on Twitter, and how we managed to fully bypass its CSP policy.