
Extracting Credentials from Multifunction Devices

Infosec Blog, security
Network printers and Multifunction Devices (MFDs) are very often a part of a corporate network to which little attention is paid. It is not unusual to find such devices on a network during an internal penetration test with default administrative credentials set. Such devices are often configured with useful credentials, ...

Bypassing CSP with JSONP Endpoints

Infosec Blog, security
HTTP’s Content-Security-Policy (CSP) mechanism provides a means to instruct web browsers to apply various restrictions to the content returned by any given HTTP request. Such content could actually be under the control of a malicious party if a vulnerability such as Cross-Site Scripting (XSS) exists, which allows attackers to insert ...