When doing a penetration testing exercise against web applications, you will always come across up-to-date WordPress instances, with no public CVEs and no publicly known exploits for WordPress Core or WordPress plugins. And yet, is the website really secure?
On a recent engagement, we found an instance of GraphQL on a server and I noticed that there are not many articles describing the different
During a black-box penetration test we encountered a Java web application which presented us with a login screen. Even though we managed to bypass the
Later this past month, our lab welcomed a very important individual: Robi the robot (it has a camera and speakers!). We also received the honors to
In one of our previous posts, we noted that a popular tool – Responder – uses Basic Authentication prompts to harvest user credentials when they