On a recent engagement, we found an instance of GraphQL on a server and I noticed that there are not many articles describing the different
Tag: pentesting
Exploiting Timed Based RCE
In a recent penetration testing project we encountered a situation where in order to prove exploitability and possible damage we had to exfiltrate data from
Scripting Metasploit for a Real-Life Pentest
During a recent internal penetration test, we got to the point where we had to search a lot of Windows machines for Domain Admin tokens.
Security Café 