During a recent penetration test my team and I encountered
Continue readingCategory: Penetration Testing
Guessing answers to security questions
This is a short story about how a seemingly small
Continue readingHashcat Tutorial – The basics of cracking passwords with hashcat
This post will walk through the basics for getting started
Continue readingMFA Bypass and Privilege Escalation
This post briefly examines two flawed implementations of Multi-Factor Authentication
Continue reading5 ways to bypass account lockout in web applications
Introduction I recently wrote a post on enumerating valid usernames
Continue readingExploring the Burp Suite API
With the release of Burp Suite Professional 2.0 came
Continue reading5 ways to enumerate usernames in web applications
Introduction When performing security testing on a website, one of
Continue readingPassword Manager Vulnerability – Dashlane
This post discusses a flaw in the Dashlane password manager.
Continue readingExploring FTP with Python3
This post explains basic interactions with FTP using Python3 from
Continue readingBriefly Exploring HTTP Header Vulnerabilities
I’ve recently come across (or read about) several vulnerabilities dealing
Continue reading