Introduction Nowadays, the cybersecurity field is becoming more and more important in everyday life as technologies evolve continuously and more malicious people, so-called hackers, want
Tricking blind Java deserialization for a treat
During a black-box penetration test we encountered a Java web application which presented us with a login screen. Even though we managed to bypass the
Robot hacking research
Later this past month, our lab welcomed a very important individual: Robi the robot (it has a camera and speakers!). We also received the honors to
Phishy Basic Authentication prompts
In one of our previous posts, we noted that a popular tool – Responder – uses Basic Authentication prompts to harvest user credentials when they
Going further with Responder’s Basic Authentication
There are a good number of situations when we find ourselves abusing the LLMNR and NBT-NS protocols on an infrastructure penetration test, more specifically on
Exploiting Timed Based RCE
In a recent penetration testing project we encountered a situation where in order to prove exploitability and possible damage we had to exfiltrate data from