Pentest Blog Posts
Patch Diffing Microsoft Windows Wi-Fi Driver Vulnerability (CVE-2024-30078) - Part 1
Kapil Khot
Windows
CVE-2024-30078
Vulnerability Analysis
Analysing the Microsoft Windows Wi-Fi driver patch to understand the vulnerability (CVE-2024-30078) - Part 1
Don't Click Evil.txt: CVE-2024-30050 and Other Windows Silliness
Harry Withington
Windows
Phishing
MoTW
Bypassing security prompts with file shares and more
Git-Rotate: Leveraging GitHub Actions to Bypass Microsoft Entra Smart lockout
Daniel Underhay
Password Spraying
IP Rotation
Explore how GitHub Actions can be leveraged to rotate IP addresses during password spraying attacks to bypass IP-Based blocking such as Entra Smart lockout.
Hook, Line, and Phishlet: Conquering AD FS with Evilginx
Daniel Underhay
Evilginx
Phishing
AD FS
A detailed walkthrough of the process and hurdles faced in leveraging Evilginx3 to conduct a successful phishing campaign against an AD FS-protected domain.
Bee-yond Capacity: Unauthenticated RCE in Extreme Networks/Aerohive Wireless APs - CVE-2023-35803
Lachlan Davidson
IoT
Aerohive
Extreme Networks
Exploits
Tools
RCE
Buffer Overflow
CVE-2023-35803 - An adventure in finding and exploiting a buffer overflow in Extreme Networks/Aerohive Wireless Access Points
Pentah0wnage: Pre-Auth RCE in Pentaho Business Analytics Server
Harry Withington
Web
Exploits
RCE
Auth Bypass
SSTI
Check that regex.
The Threat on Your Desk: Building an Evil USB-C Dock
Lachlan Davidson
Implants
Red Teaming
BadUSB
Tools
BadUSB attacks have been a threat for years, but is the USB-C dock sitting on your desk the latest threat in disguise?
Reverse SSH: A Fast, Stable Reverse Shell Handler
Jordan Smith
RSSH
Tools
Want to use SSH for reverse shells? Now you can.
Device Code Phishing: A Frontend UI
Daniel Underhay
Phishing
Tools
A framework for OAuth 2.0 device code authentication grant flow phishing.
Hacking the Hive: Discovering Vulnerabilities in Aerohive Devices
Jordan Smith
IoT
Aerohive
Exploits
Tools
Learn how to write your own firmware for Aerohive devices! With a bonus side order of some remote code execution!
CCTV: Now You See Me, Now You Don't
Daniel Underhay
IoT
IP Camera
CCTV
How to take over an IoT camera stream.
Same-Origin Policy: From birth until today
Yangren Kelsang
Browser
CSRF
SoP
CORS
A web browser’s same origin policy plays a major role in preventing Cross-Site Request Forgery attacks. The standard is clear on what the acceptable behaviour is, but do all browsers follow it?
Automating a Thorny SQL Injection With SQLMap
Ahmad Ashraff
SQLi
SQLMap
Web
SQLMap is one of the best tools for exploiting SQL injection. However, there are moments where this tool will not produce the expected results if we do not supply the correct options. This post covers a tricky SQL injection vulnerability that I found in a recent assessment.
Universal Second Factor - Phishing-proof 2FA for general human beings
Yuriy Ackermann
MFA/2FA
U2F
Fido
U2F is an open, driverless, digital signature challenge-response protocol for secure two factor authentication. It’s designed to improve user security through ease of use.
SCADA Penetration Testing: Do I need to be prepared?
Nilesh Kapoor
SCADA
In this blog post Nilesh shares his experience performing a SCADA assessment, what pentest approach works best for highly sensitive systems, and preferred tools of the trade.
Hunting For Bugs With AFL 101 - A Primer
Chris Berry
Fuzzing
AFL
An overview of how to begin searching for vulnerabilities in software by fuzzing the binary with AFL.
Bypassing SAML 2.0 SSO with XML Signature Attacks
Tim Goddard
SSO
SAML
XSW
Unfortunately, many SAML consumers don’t validate responses properly, allowing attacks up to and including full authentication bypass.
iOS Application Security Review Methodology
Claudio Contin
iOS
Mobile App Review
The following post aims to provide a high-level overview of an iOS application security review methodology and an introduction to some publicly available tools for performing the analysis.
Not So Strict Transport Security
Matthew Daley
HTTP Strict Transport Security (HSTS)
Web
Your Strict Transport Security policy may not be as strict as you think. A common misconfiguration can lead to a surprising amount of plaintext leakage.