At Blacklock, we're always looking for new ways to simplify and deliver the best solutions for our customers. With this in mind, we’ve recently released some significant upgrades to our offerings, after listening to your feedback and support.

We have had a couple of penetration test engagements that involved GraphQL endpoints. At first, it looked complex and we sketched out the methodology and approach to perform the penetration test. Here’s how it went,

Modern-day mobile applications implement additional levels of security controls that prevent an attacker from intercepting the content for the HTTPS connection. Such implementation won’t allow common proxy tools to intercept and log the application traffic.

We recently performed another internal network assessment with the goal to gain Domain Administrator access on the target network. We had unauthenticated access to the network, i.e. unauthorized user or an internal attacker onto the user LAN.

We recently performed an internal network penetration test for a large enterprise with up to 3 domains and 2000+ hosts. We had zero knowledge of the target network (as an attacker would have) and were placed onto the user VLAN with unauthenticated access.

Purple Teams, cables and continuous assurance; CHCon took place on November 5-6 in Christchurch in the historic Main Hall at the Arts Centre heritage site. Blacklock was proud to be a Bronze sponsor.