Over the years I’ve seen a lot of misconfigurations or a lack of configurations when it comes to protecting Windows credentials, hashes or Kerberos tickets.
How to get your first CVE
When doing a Penetration testing exercise against Web applications, you will always come across to up-to-date WordPress instances. No public CVEs and no publicly known exploits for WordPress Core and WordPress Plugins. And yet, is the website really secure?
Practical GraphQL attack vectors
On a recent engagement, we found an instance of GraphQL on a server and I noticed that there are not many articles describing the different
Identifying vulnerabilities and potential victims
Introduction Nowadays, the cybersecurity field is becoming more and more important in everyday life as technologies evolve continuously and more malicious people, so-called hackers, want
Tricking blind Java deserialization for a treat
During a black-box penetration test we encountered a Java web application which presented us with a login screen. Even though we managed to bypass the
Security Café 