Blog

Understanding XML External Entity Injection (XXE) Attacks
XML External Entity Injection (XXE) is a critical web security vulnerability that can expose applications to various risks. In this comprehensive guide, we will delve

Windows Antivirus Evasion – Part 1
In today’s digital landscape, protecting our systems from malicious threats is of utmost importance. Antivirus software plays a significant role in defending against various forms

Understanding the Pen Test Program Life Cycle
Penetration testing, commonly known as pen testing, is a crucial component of the cybersecurity strategy for organizations. It involves simulating cyber-attacks to identify vulnerabilities in

Intercepting Implicit Intent to Load Arbitrary URL
In the world of Android app development, intents play a crucial role in facilitating communication and interaction between different components within an app and even

7 Essential Steps for Crafting an Effective Yearly Pen Test Plan
In today’s ever-changing digital world, businesses are constantly under attack from cybercriminals. To protect their valuable data and assets, organizations need to have a strong

Network Penetration Testing: Essential Tips from a Seasoned Pen Tester
Penetration testing, often referred to as pen testing, is a critical component of any organization’s cybersecurity strategy. It involves simulating real-world cyber attacks to evaluate

Exploiting Weak ACLs on Active Directory Certificate Templates: ESC4
In Active Directory (AD) security, one area that has been gaining attention is the exploitation of misconfigured Active Directory Certificate Services (ADCS) and, in particular,

A Guide to Pen Testing in the Azure AD Environment
Azure Active Directory (Azure AD) is a cloud-based identity and access management service provided by Microsoft. It plays a vital role in the Azure environment,

Web Cache Poisoning: A Comprehensive Guide to Protecting Your Website
Web cache poisoning is a sophisticated attack. It targets the caching system of a browser, leading to the delivery of stale or outdated content to

7 Essential Steps for an Effective Yearly Penetration Testing Plan
Embarking on a journey to fortify your digital defences against cyber threats requires a well-crafted and comprehensive yearly penetration testing plan. In this blog, we’ll

Cross-Site Request Forgery (CSRF) for Pen Testers
As Pen Testers, one of our main roles is identifying and mitigating vulnerabilities that could lead to security breaches. Cross-Site Request Forgery (CSRF) attacks often

HTTP Parameter Pollution: Manipulating Web App Vulnerabilities
HTTP Parameter Pollution (HPP) is a cunning technique employed by attackers to manipulate or retrieve hidden information by injecting encoded query string delimiters into existing