Recent Posts



Analyzing CVE-2018-6376 – Joomla!, Second Order SQL Injection

February 9, 2018

Prefix While there are lots of security bugs disclosed each week, for us pentesters, some are more special than others. Very recently, a Second Order SQL Injection was reported in Joomla! and a good analysis can be found here:  In this blog post Savan Gadhiya and Amish Patadiya will… Read More

Anatomy of a Hack: SQLi to Enterprise Admin

September 14, 2017

We were recently engaged in a Red Team exercise in which the only information provided to us was the organisation name. In this blog post Sudhanshu Chauhan explores one of the exploitation paths which led us to gain Windows Enterprise Admin level access from a SQL injection vulnerability. The story… Read More

Instrumenting Native Android Functions using Frida

August 15, 2017

In our previous post: Pentesting Android Application Using Frida, Rohit looked at how we can use Frida for basic run time instrumentation. In short Frida can be used to dynamically alter the behavior of an Android application such as bypassing functions which can detect if the Android device is rooted… Read More

Maximum Password Length Reached!

June 7, 2017

A recent article by @mubix resurfaced the largely unknown fact that because password candidates (plain/mangled dictionary words and generated plain texts) are stored in GPU registers, there aren’t actually enough registers to store password candidates over certain lengths. As a result, our password cracking tools have been limited to these… Read More

One Rule to Rule Them All

June 1, 2017

Password cracking is a staple part of pentesting and with a few exceptions, dictionary/rule based attacks are the predominant method in getting those ever-elusive plain text values. Cracking rigs have afforded pentesters and blackhats alike the ability to throw a few graphics cards at some hashes and achieve phenomenal speeds,… Read More