Application whitelisting is a very effective protection mechanism, but it can be difficult to manage and deploy at scale, and is not commonly deployed by
Category: Pentest techniques
7 lesser-known AWS SSM Document techniques for code execution
A deep dive into AWS SSM Run Command shows that there are multiple documents attackers can use for executing code remotely on EC2 instances. In
Mobile Pentesting 101 – How to set up your Android Environment
This article gives an idea about how your Android pentesting environment should look like. What tools should I use? Do I really need a physical device? Do I need a rooted device to pentest an application?
AWS Enumeration – Part II (Practical enumeration)
We hackers love cheat sheets so here are mine for AWS IAM, EC2, S3 Buckets and Lambda Functions. In Part I we showed what approaches
Mobile Pentesting 101 – Bypassing Biometric Authentication
Android and iOS Fingerprint bypassing techniques. The article presents multiple biometric bypass methods, including Frida and objection.
Active Directory – Delegation Based Attacks
What is Kerberos delegation? As stated by Microsoft, “delegation is one of the most important security features of Active Directory Domain Services. Delegation enables a
Security Café 