Skip to main content

Tag: VulnerabilityAssessment

Articles tagged with VulnerabilityAssessment
← Back to all tags

VulnerabilityAssessment Articles

Illustration of Accessing Internal Network by WiFi Hacking - 2024 Pentest Case

Accessing Internal Network by WiFi Hacking - 2024 Pentest Case

Aleksander Wojdyła

During the last penetration test, I performed an Evil Twin attack, which involves setting up a fake access point with the same name as the legitimate one. Due to improper configuration of endpoint devices (e.g., computers, phones, tablets), users could accept an incorrect (fake, generated by the auditor) certificate identifying the network. This led to a successful capture of the authentication segment of the communication. Subsequently, the auditor subjected the captured data to brute-force attacks, resulting in the retrieval of credentials.

READ article
Illustration of From SOQL Query to Data Breach - Lessons from a Real-World Pentest

From SOQL Query to Data Breach - Lessons from a Real-World Pentest

Adam Borczyk

During one of security audits of a web application, I uncovered an interesting vulnerability: the exposure of an endpoint that allows users to perform arbitrary Salesforce Object Query Language (SOQL) queries. Such functionality, when available to unauthorized users or misconfigured, poses significant security risk, especially if Row-Level Security (RLS) permissions are not properly set. In this article I will analyze technical aspects of this vulnerability, the potential risks, and steps to mitigate such issues.

READ article
Illustration of Bypassing Host Validation: Real Pentest Case of Sensitive Data Exposure

Bypassing Host Validation: Real Pentest Case of Sensitive Data Exposure

MATEUSZ Kowalczyk

During one of penetration tests, I discovered a vulnerability that allowed us to bypass a host whitelist, leading to the exposure of sensitive data. This behavior could let attackers to exfiltrate sensitive information, such as password reset tokens, to external hosts they control. The severity of this vulnerability is significant, as it opens up further attack vectors that could potentially compromise the application and its users.

READ article
Illustration of Hacking IBM AS/400 in 2024: QShell and Remote Code Execution

Hacking IBM AS/400 in 2024: QShell and Remote Code Execution

MATEUSZ Kowalczyk

A few months ago, one of our clients commissioned us to audit a customer service application that continued to use the IBM AS400 environment. These days, an emulator is needed to connect to this application. An AS/400 emulator is software designed to emulate the functionality of an AS/400 system on a different platform, such as a modern desktop or server computer. These emulators enable users to access and interact with AS/400 applications and resources without the need for physical AS/400 hardware.

READ article
A professional cybersecurity consultant ready to assist with your inquiry.

Any questions?

Happy to get a call or email
and help!

Contact Us