During a black-box penetration test we encountered a Java web application which presented us with a login screen. Even though we managed to bypass the
Category: Pentest techniques
Phishy Basic Authentication prompts
In one of our previous posts, we noted that a popular tool – Responder – uses Basic Authentication prompts to harvest user credentials when they
Going further with Responder’s Basic Authentication
There are a good number of situations when we find ourselves abusing the LLMNR and NBT-NS protocols on an infrastructure penetration test, more specifically on
Practical JSONP Injection
JSONP injection is a lesser known but quite widespread and dangerous vulnerability and it surfaced in the last years due to the high rate of
Introduction to Windows shellcode development – Part 3
If you missed the first two parts of this article, you can find in Part I what is a shellcode, how it works and which
Security Café 