In internal penetration tests and red team engagements, an account with write privileges over an SMB share can be your best bet to go further
Security Research and Services
Introduction: During a recent mobile application penetration test, I encountered a challenging scenario that many mobile security testers face nowadays: extracting APKs from applications installed
In early September 2023, APT29, a group affiliated with Russia’s SVR, targeted multiple embassy offices using a WinRAR vulnerability. Their cyberespionage aims hinted at geopolitical motives. Exploiting CVE-2023-38831, the attackers executed a phishing campaign using a deceitful PDF, demonstrating the critical role of cybersecurity awareness and regular software updates in preventing such attacks.
In this blog post you will learn how to identify basic Remote Code Execution vulnerabilities and how to exploit them. Caution: Some payloads discussed here can
How to discover your first CVEs with DLL Hijacking
This article gives an idea of what your Android pentesting environment should look like. What tools should I use? Do I really need a physical device? Do I need a rooted device to pentest an application?