Welcome back to yet another day in this parallel universe of security.
This time, we’re looking at Fortinet’s FortiWeb Fabric Connector. “What is that?” we hear you say. That's a great question; no one knows.
For the uninitiated, or unjaded;
Fortinet’
( 13
min )
TL;DR Introduction We investigated a ransomware incident on a Windows Server 2012 host running in an SFTP-only role. The attacker delivered an attack that combined remote code execution, persistence, tunnelling, and a diversionary visit to Pornhub, before launching a ransomware payload. Background & scope An easy way in The compromised server was running a Telerik […]
The post Sil3ncer Deployed – RCE, Porn Diversion, and Ransomware on an SFTP-only Server appeared first on Pen Test Partners.
( 8
min )
Discover how secure code review catches privilege escalation vulnerabilities in Java Spring apps that pentests miss - identify insecure patterns early.
The post Detecting Authorization Flaws in Java Spring via Source Code Review (SCR) appeared first on NetSPI.
( 22
min )
Conventional pen testing methods fall short with LLMs. Static prompt tests miss adversarial context manipulation and latent model behaviors. Explore how to test AI systems like an attacker.
( 7
min )
In this first part we are going through the basic terminology and concepts of a Detection-as-Code approach in Detection Engineering. Throughout this series, we’ll dive deep into a wide range of concepts, strategies, and practical blueprints that you can adapt to fit your own workflows. From building a detection engineering repository to validating detections, automating documentation, and delivering them at scale to numerous managed environments. We’ll also explore how to effectively test and monitor your detections to ensure they stay reliable.
( 11
min )
NetSPI discovered a remote code execution vulnerability in SailPoint IQService using default encryption keys. Exploit details, discovery methods, and remediation guidance included.
The post Set Sail: Remote Code Execution in SailPoint IQService via Default Encryption Key appeared first on NetSPI.
( 18
min )
TL;DR Introduction Weak or compromised passwords are still one of the most common ways attackers get into an organisation’s network. That’s why running password audits in Active Directory is so important. But smaller companies often don’t have the time, budget, or resources to do them regularly. This blog post gives you a step-by-step guide to […]
The post How to conduct a Password Audit in Active Directory (AD) appeared first on Pen Test Partners.
( 11
min )
In blog post “My Fridge & My Portable Power Station” I managed to get a maximum of 778 Wh out of my portable power station with a rated capacity of 1260 Wh. Thinking that quite some power got lost in the AC inverter, I set out to measure the amount of power I can get […]
( 12
min )
Before you dive into our latest diatribe, indulge us and join us on a journey.
Sit in your chair, stand at your desk, lick your phone screen - close your eyes and imagine a world in which things are great. It’s sunny outside, the birds are chirping, and
( 9
min )
Our Red Team has explored and exploited vulnerabilities in the CI/CD space over the last several years, resulting in numerous successful offensive operations, open-source tool development, and presentations at Black Hat, DEF CON, and Schmoocon. With organizations increasingly relying on automated deployment pipelines, securing CI/CD infrastructure has become more critical than ever — yet many […]
The post CI/CD Training from the Front Lines: Offensive Security at Black Hat appeared first on Praetorian.
( 24
min )
Our CRS (Cyber Reasoning System), Buttercup, is now competing in the one and only scored round of DARPA’s AI Cyber Challenge (AIxCC) against six other teams to see which autonomous AI-driven system can find and patch the most software vulnerabilities.
( 2
min )
NimDoor shows how threat actors are continuing to explore cross-platform languages that introduce new levels of complexity for analysts.
( 33
min )
Learn how Azure Load Testing's JMeter JMX and Locust support enables code execution, metadata queries, reverse shells, and Key Vault secret extraction vulnerabilities.
The post Extracting Sensitive Information from Azure Load Testing appeared first on NetSPI.
( 20
min )
Two weeks ago, we published research on GitHub Device Code Phishing, a simple technique that can turn an eight-digit code and a phone call into a complete compromise of an organization’s GitHub repositories and software supply chain. While the concept is simple, executing these attacks often brings multiple layers of complexity, like building a convincing […]
The post GitPhish: Automating Enterprise GitHub Device Code Phishing appeared first on Praetorian.
( 16
min )
TL;DR Introduction If you went to our PTP Cyber Fest over the Infosec week you may have seen the PTP hack car being used as a games controller for the game SuperTuxKart (a free and open-source Mario Kart type game). You really could steer, accelerate and brake using the car, ‘driving’ the on screen kart! […]
The post How we turned a real car into a Mario Kart controller by intercepting CAN data appeared first on Pen Test Partners.
( 10
min )
With tens of thousands of CVEs flooding in each year, how do you spot the ones that actually matter? At Bishop Fox, we’ve built a smarter way to cut through the noise and act fast on real-world threats. Here’s how we prioritize CVEs that truly impact our customers.
( 8
min )
Private key compromise accounted for 43.8% of crypto hacks in 2024, yet traditional smart contract audits rarely address architectural access control weaknesses. This post introduces a four-level maturity framework for designing protocols that can tolerate key compromise, progressing from single EOA control to radical immutability, with practical examples demonstrating multisigs, timelocks, and the principle of least privilege.
( 9
min )
TL;DR Introduction The Content Security Policy (CSP) is a layer of security for web applications that helps detect and stop client-side attacks such as Cross-Site Scripting (XSS), Clickjacking, data exfiltration, or mixed content loading. Web applications will set a CSP in their response headers with a selection of parameters that control what the browser interprets […]
The post CSP directives. Base-ic misconfigurations with big consequences appeared first on Pen Test Partners.
( 9
min )
TL;DR The UK Cyber Security and Resilience Bill (CS&R) was announced last year in the King’s Speech. It addresses gaps in current regulation, like NIS, with a broad scope, enhanced incident reporting requirements, and highlights the importance of supply chains in security. It is expected to come into force early 2026. Scope CS&R expands the […]
The post Prepare for the UK Cyber Security and Resilience Bill appeared first on Pen Test Partners.
( 6
min )
A new incident comes in. The CEO’s laptop shows possible Cobalt Strike activity. Your host investigation shows that the attacker likely gained privileged access to her host and the initial activity is from two days ago. You contain the host in your EDR agent. But now you must determine if the attacker moved laterally inside … Continue reading Tracking historical IP assignments with Defender for Endpoint logs →
( 15
min )
Explore the next wave of Red Team tools focused on cloud, identity, evasion, and developer libraries—where stealth, creativity, and adaptability matter more than flashy features. Learn how Bishop Fox operators turn techniques into strategic advantage.
( 8
min )
Welcome to June! We’re back—this time, we're exploring Sitecore’s Experience Platform (XP), demonstrating a pre-auth RCE chain that we reported to Sitecore in February 2025.
We’ve spent a bit of time recently looking at CMS’s given the basic
( 22
min )
TL;DR Introduction I’m quite a curmudgeon about whether we should report some of the traditional security findings because of a lack of actual risk, something I have written about and even given a talk about. Inside our tech team, I raise up what I call “vulnerabilities that aren’t” where there is little risk in most […]
The post Android AI UX is great until it leaks your data appeared first on Pen Test Partners.
( 8
min )
GoClipC2: A covert Windows clipboard-based C2 channel for VDI/RDP environments. Bypasses network monitoring with encrypted Base64 messaging.
( 10
min )
I added a quota feature to virustotal-search.py’s -l (–limitrequests) option. -l is an option to limit the number of requests: you specify the maximum number of requests to make, and virustotal-search.py will stop once that maximum is reached. Remark that virustotal-search.py does 4 hash lookups per requests, thus if your remaining quota for the day […]
( 13
min )
It’s been a whirlwind two months since AI-powered features landed in Burp Suite Professional. Thousands of security testers across the world have been using Burp AI to find vulnerabilities and secure
( 5
min )
No content preview
( 7
min )
In this blog, we are excited to announce our white paper on Return on Mitigation (RoM), a framework we designed to quantify the financial impact of security programs in a way that speaks to business leaders.
( 6
min )
No content preview
( 4
min )
What if your security program could self-optimize: analyze trends, identify weak points, and proactively propose actionable steps to strengthen defenses? With HackerOne Recommendations, it can.
( 5
min )
What are Hackbots and how are they impacting vulnerability discovery and the researcher community?
( 6
min )
The new DORA regulation: everything your organization needs to know about its impact and how to comply.
( 5
min )
The term “special relationship,” coined by Winston Churchill, describes the close, longstanding alliance between the United States and the United Kingdom. It has been applied to cooperation during war, to trade and commerce, and even to intelligence sharing. That special relationship has clearly influenced the two nations’ recent policy papers on national cybersecurity. The U.K. […]
The post Protecting Critical Infrastructure: A Tale of Two National Cybersecurity Strategies appeared first on Synack.
( 7
min )
Scoping Adventures is a series of blogs about some of the more interesting penetration tests that the Synack Customer Success teams have worked on over the last few months. Each blog outlines how we engage with the client to achieve the best results from a pentest. Pentesters love colors—red, blue, purple, black, white and grey […]
The post Scoping Adventures: How to Get the Most Out of Your Synack Pentesting appeared first on Synack.
( 11
min )
The Synack Platform & Five Pillars of Strategic Pentesting Why You Need to Think Strategically It’s no great revelation that tactics, techniques, and procedures utilized by nefarious hackers hacking activities are evolving on a daily basis. In 2022, 18,828 common vulnerabilities and exposures (CVEs) were published. At the same time, organization attack surfaces are expanding. […]
The post Applying Strategic Thinking in Your Pentesting Program appeared first on Synack.
( 7
min )
One week ago, the Biden administration unveiled its long-awaited U.S. National Cybersecurity Strategy, with an eye toward centralizing government cyber resources and holding IT vendors more accountable for their digital defenses. Now that the ink is dry on the 35-page document, top officials like Acting National Cyber Director Kemba Walden are busy putting it into […]
The post The U.S. has a new cybersecurity strategy. What’s next for CISOs? appeared first on Synack.
( 7
min )
