This post briefly examines two flawed implementations of Multi-Factor Authentication
Category: Penetration Testing
5 ways to bypass account lockout in web applications
Introduction I recently wrote a post on enumerating valid usernames
Exploring the Burp Suite API
With the release of Burp Suite Professional 2.0 came
5 ways to enumerate usernames in web applications
Introduction When performing security testing on a website, one of
Password Manager Vulnerability – Dashlane
This post discusses a flaw in the Dashlane password manager.
Exploring FTP with Python3
This post explains basic interactions with FTP using Python3 from
Briefly Exploring HTTP Header Vulnerabilities
I’ve recently come across (or read about) several vulnerabilities dealing
Burp Extension Python Tutorial
This post provides step-by-step instructions for writing a
The SMI protocol, and why Nessus is wrong
I was reviewing some port scan data and noticed port
PowerShell Web Enumeration – Get-WebsiteInfo
I was tasked to do a penetration test of a