Skip to main content

Pentest Chronicles

If you’re interested in the world of cybersecurity, the related technical issues, and what’s challenging right now, you’re in the right place! This part talks about IT security more broadly and has the latest information, tips, and advice.
Illustration of Pentest Chronicles

Latest insight

Illustration of CVE-2025-8890 Authenticated RCE in SDMC NE6037 router

CVE-2025-8890 Authenticated RCE in SDMC NE6037 router

Grzegorz Bronka

When testing connectivity of the SDMC NE6037 router inputting a quote character into the "ping" utility revealed an error indicating a Remote Code Execution (RCE) vulnerability. It is quite common to find RCE vulnerabilities in routers’ connectivity tools (such as ping or traceroute). The user-supplied parameters are passed without sanitization as a parameter to a shell command. This was confirmed to be the root cause in this instance.

READ article

Other articles

Illustration of From SOQL Query to Data Breach - Lessons from a Real-World Pentest

From SOQL Query to Data Breach - Lessons from a Real-World Pentest

Adam Borczyk

During one of security audits of a web application, I uncovered an interesting vulnerability: the exposure of an endpoint that allows users to perform arbitrary Salesforce Object Query Language (SOQL) queries. Such functionality, when available to unauthorized users or misconfigured, poses significant security risk, especially if Row-Level Security (RLS) permissions are not properly set. In this article I will analyze technical aspects of this vulnerability, the potential risks, and steps to mitigate such issues.

READ article
Illustration of Bypassing Host Validation: Real Pentest Case of Sensitive Data Exposure

Bypassing Host Validation: Real Pentest Case of Sensitive Data Exposure

MATEUSZ Kowalczyk

During one of penetration tests, I discovered a vulnerability that allowed us to bypass a host whitelist, leading to the exposure of sensitive data. This behavior could let attackers to exfiltrate sensitive information, such as password reset tokens, to external hosts they control. The severity of this vulnerability is significant, as it opens up further attack vectors that could potentially compromise the application and its users.

READ article
Illustration of Hacking IBM AS/400 in 2024: QShell and Remote Code Execution

Hacking IBM AS/400 in 2024: QShell and Remote Code Execution

MATEUSZ Kowalczyk

A few months ago, one of our clients commissioned us to audit a customer service application that continued to use the IBM AS400 environment. These days, an emulator is needed to connect to this application. An AS/400 emulator is software designed to emulate the functionality of an AS/400 system on a different platform, such as a modern desktop or server computer. These emulators enable users to access and interact with AS/400 applications and resources without the need for physical AS/400 hardware.

READ article
Illustration of Heartbleed Vulnerability in 2024: A Fresh Case from Our Pentest

Heartbleed Vulnerability in 2024: A Fresh Case from Our Pentest

Paweł Różański

During a recent security audit, vulnerability known as The Heartbleed Bug was discovered on two publicly accessible servers. What is interesting it is a fact that this vulnerability was discovered 10 years ago! It allows an attacker to access data directly from the memory of vulnerable systems. In fact, it enables the extraction of sensitive information, including credentials, without any pre-existing access or authentication requirements.

READ article
Illustration of How NOT to store data in a desktop application?

How NOT to store data in a desktop application?

Mateusz Lewczak

Due to their offline nature, desktop applications often struggle with storing sensitive data in a secure way. Many developers mistakenly believe that compiling an application automatically secures the data within it. This approach is especially common in applications written in languages that are easy to decompile, like for example .NET. However, the truth is that no matter what technology is used, various techniques can still be used to access unprotected confidential information, which can lead to major security breaches. In this article, we'll take a look at some common methods that can be used to access supposedly secure information from desktop applications. We will also discuss the potential impacts of these vulnerabilities.

READ article
Illustration of Key Insights from Red Team Testing

Key Insights from Red Team Testing

krystian działowy

The goal of Red Team testing is to gain access to a company's internal network using various external, internal, or social engineering attacks. In other words, practically all methods are allowed, and the auditors' objective is to breach the internal network and carry out as many malicious operations as possible. In one of our recent tests of this type, our team, equipped with a wide range of scenarios, successfully infiltrated the client's internal network, gaining access to numerous resources where we obtained credentials to critical assets, such as databases and email accounts.

READ article
Illustration of From low-privileged user to Remote Code Execution: step-by-step pentest journey

From low-privileged user to Remote Code Execution: step-by-step pentest journey

Adam Borczyk

In the world of web application security, some vulnerabilities are naturally less impactful than others. We often hear about direct, short, and simple attacks that can compromise an entire server or application. Sometimes, however, it is chaining multiple, less dangerous vulnerabilities that leads to serious consequences. Here we will go through a case from one of the pentests from a couple of weeks ago, where having a low-privileged user account allowed us first to read the application source code, then to escalate to admin, and finally to obtain remote code execution.

READ article
A professional cybersecurity consultant ready to assist with your inquiry.

Any questions?

Happy to get a call or email
and help!

Contact Us