Why do we need a Web App Pen test

Why do we need a Web App Pentest

Why do we need a Web App Pentest? April 25, 2022 Informational Karan Patel Vulnerability assessments use automation to routinely scan for routers, firewalls, servers, applications, and switches. Web application penetration testing has a limited scope. A web application pen test uses numerous techniques to mimic an adversary’s planned actions or a user’s unintentional behaviors […]

Top 5 Reasons Why You Need a Penetration Test

Top 5 Reasons Why You Need a Penetration Test

Top 5 Reasons Why You Need a Penetration Test April 23, 2022 Informational Karan Patel High-profile security breaches are still making news in today’s media. A growing number of organizations are at danger because of this development. While adversaries are always creating new and more advanced techniques of attacks, the number of attacks is increasing […]

Android Root Detection Bypass Using Bypass

Android Root Detection Bypass Using Frida

Android Root Detection Bypass Using Frida April 22, 2022 Android Redfox Security Team This is a continuation of the previous blog post – see SSL Pinning Bypass for Android Apps. If you haven’t already, please go check it out. Assuming you’ve set up Frida, we can proceed further to bypass Android root detection using Frida. […]

WI-FI Hacking (Pt. 2)

WI-FI Hacking (Pt. 2)

WI-FI Hacking (Pt. 2) April 21, 2022 Network Security Redfox Security Team In our previous blog post (Part 1) of the Wi-Fi Hacking series, we went through setting up our Alfa card, decloaking hidden SSID’s, passively capturing handshakes and cracking the passphrase using aircrack-ng. Here, we are going to perform an active deauth attack on […]

SSL Pinning Bypass for Android using Frida

ssl pinning bypass

SSL Pinning Bypass for Android using Frida April 20, 2022 Application Security Redfox Security Team What is SSL pinning? Mobile apps commonly use SSL to safeguard transmitted data from eavesdropping and tampering while communicating with a server. SSL implementations in apps trust a server that has a certificate-which in turn is trusted by the operating […]

Misconfigured Amazon S3 Buckets

Misconfigured Amazon S3 Buckets

Misconfigured Amazon S3 Buckets April 16, 2022 AWS Karan Patel What is Amazon S3? Excerpt from AWS documentation: Amazon Simple Storage Service (Amazon S3) is an object storage service offering industry-leading scalability, data availability, security, and performance. Customers of all sizes and industries can store and protect any amount of data for virtually any use […]

NGINX Zero-Day Vulnerability 1

NGINX Zero-Day Vulnerability 1

NGINX Zero-Day Vulnerability 1 April 15, 2022 Informational Redfox Security Team What is NGINX ? NGNIX is an open-source web server that can also act as a reverse proxy, load balancer, mail proxy, and HTTP cache. The software’s structure is asynchronous and event-driven, allowing it to handle multiple requests at once. NGINX zero day vulnerability […]

Benefits of Penetration Testing

Benefits of Penetration Testing

Benefits of Penetration Testing April 14, 2022 Informational Karan Patel Synopsis Breaking into a company’s security defenses takes a long time and skill. However, modern techniques make it easier than ever for threat actors to uncover vulnerable spots in an organization. Penetration testing, often referred to as “pentesting”, helps organizations identify potential attack vectors and […]

Wifi Hacking (Pt.1)

Wifi Hacking (Pt.1)

Wifi Hacking (Pt.1) April 13, 2022 Cyber Security Redfox Security Team Wi-Fi stands for wireless network technology. It establishes wireless network connections using radio waves. Malicious hackers frequently opt to penetrate firms by compromising their Wi-Fi networks, mainly due to the nature of Wi-Fi and its methods for enabling network access. Households are also at […]

Spring4Shell Vulnerability

Spring4Shell Vulnerability

Spring4Shell Vulnerability April 13, 2022 Web Application Redfox Security Team Synopsis A sequence of Tweets (that are now deleted) from a Chinese Twitter account was posted on March 29th, 2022, displaying pictures of a new POC of a 0-day vulnerability in one of the most popular Java frameworks, known as Spring Core. Internet Users refer […]