Penetration Testing

Overview Each week on Friday, we post a social media challenge known as “Detective Nevil Mystery Challenge”.  On November 13th of 2020, we released a challenge that contained a payload and it ...

Penetration testing is a race against the clock. Often, we only have a few days to examine all the functionality of a web application or an API. That is why we spend ...

    Today I wanted to continue the series on using LD_PRELOAD.  In today’s post we are going to use LD_PRELOAD to hijack the rand() function in a simple random number guessing game to ...

A little background… As I stood in front of a class of developers trying to explain cross-origin resource sharing (CORS), I knew I wasn’t conveying it well enough for a significant subset ...

    Today I wanted to start what I plan to be a small series of blog posts about LD_PRELOAD. LD_PRELOAD is related to Linux based systems and revolves around the loader system and ...

Introduction While penetration testing and Red Teaming are crucial to check a system’s security and to validate potential entry-points in the infrastructure, sometimes establishing an initial foothold on the target can be ...

Forward When talking about a proxy or a pivot or a tunnel, we could be talking about very different things.  However, to me, these terms could mean the same thing too.  A ...

The Sophos XG Firewall vulnerability The Sophos XG Firewall recently had a publicly-reported zero-day vulnerability. The vulnerability in question was an SQL injection vulnerability that, if... Go on to the site to ...

This post is about setting up an Android Virtual Machine (AVD) for a mobile application penetration test ...

Why Bother with Video Game Security? Video games are more than just entertainment. Gaming is a massive industry which by some accounts is estimated to be worth $256.97 billion by 2025. So ...