VLAN Hopping

Introduction to VLAN   Virtual LAN is a logical method of grouping Layer-2 switchports on a local switch into different broadcast domains. VLANs can help to segment a physical network switch to multiple virtual networks. VLANs can be set up by configuring network switches with a specific VLAN name and number. Valid VLAN numbers can range...

Vulnerability Scanning vs. Penetration Testing

Synopsis Organizations who don’t know the difference between penetration testing and vulnerability scanning are often losing out on an essential piece of their overall security posture. Vulnerability scanning looks for known security flaws. A penetration test actively seeks out and exploits these security issues. While vulnerability scanning is mostly automated, a penetration test often requires varying levels...

Why do you need a Web App Pentest?

Vulnerability assessments use automation to routinely scan for routers, firewalls, servers, applications, and switches. Web application penetration testing has a limited scope. A web application pen test uses numerous techniques to mimic an adversary’s planned actions or a user’s unintentional behaviors that may divulge sensitive information. These assessments expose weak spots in a web application’s...

Top 5 Reasons why you need a Penetration Test

High-profile security breaches are still making news in today’s media. A growing number of organizations are at danger because of this development. While adversaries are always creating new and more advanced techniques of attacks, the number of attacks is increasing at an exponential rate. Things have changed and it’s no longer enough to just have anti-virus...

Android Root Detection Bypass Using Frida

This is a continuation of the previous blog post – see SSL Pinning Bypass for Android Apps. If you haven’t already, please go check it out. Assuming you’ve set up Frida, we can proceed further to bypass Android root detection using Frida.  What is a rooted Android device?  Android rooting is a technique that allows...

Wi-Fi Hacking (Pt. 2)

In our previous blog post (Part 1) of the Wi-Fi Hacking series, we went through setting up our Alfa card, decloaking hidden SSID’s, passively capturing handshakes and cracking the passphrase using aircrack-ng. Here, we are going to perform an active deauth attack on a WPA-2 PSK Wi-Fi Network, capture the handshake and then try to...

SSL Pinning Bypass For Android Using Frida

What is SSL pinning?  Mobile apps commonly use SSL to safeguard transmitted data from eavesdropping and tampering while communicating with a server. SSL implementations in apps trust a server that has a certificate-which in turn is trusted by the operating system’s trust store (by default). The operating system includes a list of certificate authorities in...

Misconfigured Amazon S3 Buckets (Pt. 1)

What is Amazon S3? Excerpt from AWS documentation: Amazon Simple Storage Service (Amazon S3) is an object storage service offering industry-leading scalability, data availability, security, and performance. Customers of all sizes and industries can store and protect any amount of data for virtually any use case, such as data lakes, cloud-native applications, and mobile apps....

NGINX zero-day vulnerability

What is NGINX ? NGNIX is an open-source web server that can also act as a reverse proxy, load balancer, mail proxy, and HTTP cache. The software’s structure is asynchronous and event-driven, allowing it to handle multiple requests at once. NGINX zero day vulnerability is also highly scalable, which means that its service expands in...

Benefits of Penetration Testing

Synopsis  Breaking into a company’s security defenses takes a long time and skill. However, modern techniques make it easier than ever for threat actors to uncover vulnerable spots in an organization. Penetration testing, often referred to as “pentesting”, helps organizations identify potential attack vectors and patch them before hackers exploit them. This blog will delve into...