October 27, 2024

Pentests

This is rather be a quick post and intended to be a reference note for me (and you all).

Continue Reading 

ColdFusion 10 Remote File Disclosure Exploit

September 25, 2024

Pentests

ColdFusion had several exploits in the past. ColdFusion 10 being the latest and stable release from Adobe it was hard to find any ready exploits.

Continue Reading 

Utilizing Metasploit Database in Network Pentest

September 25, 2024

Pentests

What’s the first thing come to your mind when you think of doing network pentest of over 1000 IPs in couple of weeks? Is it really possible? Answer is YES!!!

Continue Reading 

GraphQL Penetration Testing

November 7, 2024

Pentests

We have had a couple of penetration test engagements that involved GraphQL endpoints. At first, it looked complex and we sketched out the methodology and approach to perform the penetration test. Here’s how it went,

Continue Reading 

Tools, Techniques & Processes: From Zero to Domain Administrator

October 3, 2024

Pentests

We recently performed an internal network penetration test for a large enterprise with up to 3 domains and 2000+ hosts. We had zero knowledge of the target network (as an attacker would have) and were placed onto the user VLAN with unauthenticated access.

Continue Reading 

Leveraging Log4j Exploit to Domain Administrator

September 25, 2024

Pentests

We recently performed another internal network assessment with the goal to gain Domain Administrator access on the target network. We had unauthenticated access to the network, i.e. unauthorized user or an internal attacker onto the user LAN.

Continue Reading 

Blog Categories