Penetration Testing

Solving the November 13th Detective Nevil Mystery Challenge

Overview: Each week on Friday, we post a social media challenge known as the “Detective Nevil Mystery Challenge”. On November 13th…

3 days ago

3 Reasons to Pentest with Brave

Penetration testing is a race against the clock. Often, we only have a few days to examine all the functionality…

6 days ago

Not-So-Random: Using LD_PRELOAD to Hijack the rand() Function

Today I wanted to continue the series on using LD_PRELOAD.  In today’s post we are going to use LD_PRELOAD to…

1 month ago

The Death and Rebirth of Musashi.js OR How I turned personal failure into better teaching tools.

A little background… As I stood in front of a class of developers trying to explain cross-origin resource sharing (CORS),…

2 months ago

LD_PRELOAD – Introduction

Today I wanted to start what I plan to be a small series of blog posts about LD_PRELOAD. LD_PRELOAD is…

2 months ago

Using Merlin agents to evade detection

Introduction: While penetration testing and Red Teaming are crucial to check a system’s security and to validate potential entry-points in…

2 months ago

Proxies, Pivots, and Tunnels – Oh My!

Forward: When talking about a proxy or a pivot or a tunnel, we could be talking about very different things. …

2 months ago

Zero-day Sophos XG Firewall vulnerability: An exploit guide for pentesters

The Sophos XG Firewall vulnerability: The Sophos XG Firewall recently had a publicly reported zero-day vulnerability. The vulnerability in question was…

2 months ago

How to configure Android (Virtual) for Mobile PenTest

This post is about setting up an Android Virtual Machine (AVD) for a mobile application penetration test.

2 months ago

Game Hacking Part 1 – Equipping Your Loadout

Why Bother with Video Game Security? Video games are more than just entertainment. Gaming is a massive industry which by…

3 months ago