Recent Posts

Categories

Archives

Exploiting SSRF in AWS Elastic Beanstalk

February 1, 2019

In this blog, Sunil Yadav, our lead trainer for “Advanced Web Hacking” training class, will discuss a case study where a Server-Side Request Forgery (SSRF) vulnerability was identified and exploited to gain access to sensitive data such as the source code. Further, the blog discusses the potential areas which could… Read More

Hunting the Delegation Access

January 17, 2019

Active Directory (AD) delegation is a fascinating subject, and we have previously discussed it in a blog post and later in a webinar. To summarize, Active Directory has a capability to delegate certain rights to non (domain/forest/enterprise) admin users to perform administrative tasks over a specific section of AD. This… Read More

Project Blacklist3r

November 23, 2018

TL;DR The goal of this project is to accumulate the secret keys / secret materials related to various web frameworks, that are publicly available and potentially used by developers. These secrets will be utilized by the Blacklist3r tools to audit the target application and verify the usage of these pre-published… Read More

Out of Band Exploitation (OOB) CheatSheet

August 30, 2018

Introduction: Out-Of-Band (OOB) technique provides an attacker with an alternative way to confirm and exploit a vulnerability which is otherwise “blind”. In a blind vulnerability, as an attacker you do not get the output of the vulnerability in the direct response to the vulnerable request. The OOB techniques often require… Read More

NotSoSecure joins the Claranet Group

July 5, 2018

The acquisition puts the NotSoSecure business in a position of significantly greater strength, with a broader portfolio of services now available to our customers. NotSoSecure has been acquired by Claranet, one of Europe’s leading managed IT services providers, to add our ethical hacking training and penetration testing services to its… Read More