Do you have vulnerabilities that you just love to exploit? I know I have a few and one of them is web cache deception. Is
Category: Web security
How to get your first CVE
When doing a Penetration testing exercise against Web applications, you will always come across to up-to-date WordPress instances. No public CVEs and no publicly known exploits for WordPress Core and WordPress Plugins. And yet, is the website really secure?
Practical GraphQL attack vectors
On a recent engagement, we found an instance of GraphQL on a server and I noticed that there are not many articles describing the different
Tricking blind Java deserialization for a treat
During a black-box penetration test we encountered a Java web application which presented us with a login screen. Even though we managed to bypass the
Robot hacking research
Later this past month, our lab welcomed a very important individual: Robi the robot (it has a camera and speakers!). We also received the honors to
Phishy Basic Authentication prompts
In one of our previous posts, we noted that a popular tool – Responder – uses Basic Authentication prompts to harvest user credentials when they
Security Café 