Learn how Azure Load Testing's JMeter JMX and Locust support enables code execution, metadata queries, reverse shells, and Key Vault secret extraction vulnerabilities.
The post Extracting Sensitive Information from Azure Load Testing appeared first on NetSPI.
( 20
min )
Two weeks ago, we published research on GitHub Device Code Phishing, a simple technique that can turn an eight-digit code and a phone call into a complete compromise of an organization’s GitHub repositories and software supply chain. While the concept is simple, executing these attacks often brings multiple layers of complexity, like building a convincing […]
The post GitPhish: Automating Enterprise GitHub Device Code Phishing appeared first on Praetorian.
( 16
min )
TL;DR Introduction If you went to our PTP Cyber Fest over the Infosec week you may have seen the PTP hack car being used as a games controller for the game SuperTuxKart (a free and open-source Mario Kart type game). You really could steer, accelerate and brake using the car, ‘driving’ the on screen kart! […]
The post How we turned a real car into a Mario Kart controller by intercepting CAN data appeared first on Pen Test Partners.
( 10
min )
With tens of thousands of CVEs flooding in each year, how do you spot the ones that actually matter? At Bishop Fox, we’ve built a smarter way to cut through the noise and act fast on real-world threats. Here’s how we prioritize CVEs that truly impact our customers.
( 8
min )
Private key compromise accounted for 43.8% of crypto hacks in 2024, yet traditional smart contract audits rarely address architectural access control weaknesses. This post introduces a four-level maturity framework for designing protocols that can tolerate key compromise, progressing from single EOA control to radical immutability, with practical examples demonstrating multisigs, timelocks, and the principle of least privilege.
( 9
min )
TL;DR Introduction The Content Security Policy (CSP) is a layer of security for web applications that helps detect and stop client-side attacks such as Cross-Site Scripting (XSS), Clickjacking, data exfiltration, or mixed content loading. Web applications will set a CSP in their response headers with a selection of parameters that control what the browser interprets […]
The post CSP directives. Base-ic misconfigurations with big consequences appeared first on Pen Test Partners.
( 9
min )
TL;DR The UK Cyber Security and Resilience Bill (CS&R) was announced last year in the King’s Speech. It addresses gaps in current regulation, like NIS, with a broad scope, enhanced incident reporting requirements, and highlights the importance of supply chains in security. It is expected to come into force early 2026. Scope CS&R expands the […]
The post Prepare for the UK Cyber Security and Resilience Bill appeared first on Pen Test Partners.
( 6
min )
A new incident comes in. The CEO’s laptop shows possible Cobalt Strike activity. Your host investigation shows that the attacker likely gained privileged access to her host and the initial activity is from two days ago. You contain the host in your EDR agent. But now you must determine if the attacker moved laterally inside … Continue reading Tracking historical IP assignments with Defender for Endpoint logs →
( 15
min )
Explore the next wave of Red Team tools focused on cloud, identity, evasion, and developer libraries—where stealth, creativity, and adaptability matter more than flashy features. Learn how Bishop Fox operators turn techniques into strategic advantage.
( 8
min )
Welcome to June! We’re back—this time, we're exploring Sitecore’s Experience Platform (XP), demonstrating a pre-auth RCE chain that we reported to Sitecore in February 2025.
We’ve spent a bit of time recently looking at CMS’s given the basic
( 22
min )
TL;DR Introduction I’m quite a curmudgeon about whether we should report some of the traditional security findings because of a lack of actual risk, something I have written about and even given a talk about. Inside our tech team, I raise up what I call “vulnerabilities that aren’t” where there is little risk in most […]
The post Android AI UX is great until it leaks your data appeared first on Pen Test Partners.
( 8
min )
GoClipC2: A covert Windows clipboard-based C2 channel for VDI/RDP environments. Bypasses network monitoring with encrypted Base64 messaging.
( 10
min )
I added a quota feature to virustotal-search.py’s -l (–limitrequests) option. -l is an option to limit the number of requests: you specify the maximum number of requests to make, and virustotal-search.py will stop once that maximum is reached. Remark that virustotal-search.py does 4 hash lookups per requests, thus if your remaining quota for the day […]
( 13
min )
It’s been a whirlwind two months since AI-powered features landed in Burp Suite Professional. Thousands of security testers across the world have been using Burp AI to find vulnerabilities and secure
( 5
min )
TL;DR: When we planned the first PTP Cyber Fest last year, we set out to create something different from the usual cybersecurity events. After two busy days last week, we can proudly say the event delivered exactly what we hoped for and more. Paying it forward Cyber Fest has always been about creating space for […]
The post PTP Cyber Fest 2025. More than just another conference appeared first on Pen Test Partners.
( 6
min )
I added value stdout for option -W. -W stdout: will write all items to stdout (binary) without any end-of-line.To include an end-of-line, specify a Python string, like this:-W stdout:’\n’ this will add a newline to the end of the item-W stdout:’\r’ this will add a carriage return to the end of the item-W stdout:’\r\n’ this […]
( 11
min )
I added option -u (–unique) to remove duplicates to search-for-compressions.py.
( 11
min )
Discover how NetSPI uncovered and reported a vulnerability in Microsoft Defender for Identity that allowed unauthenticated attackers to perform spoofing and elevate privileges.
The post CVE-2025-26685 – Spoofing to Elevate Privileges with Microsoft Defender for Identity appeared first on NetSPI.
( 18
min )
In October 2023, we audited Silence Laboratories’ DKLs23 threshold signature scheme (TSS) library—one of the first production implementations of this then-novel protocol that uses oblivious transfer (OT) instead of traditional Paillier cryptography. Our review uncovered serious flaws that could enable key destruction attacks, which Silence Laboratories promptly fixed.
( 5
min )
You probably heard about the blackout in Spain & Portugal that happened more than a month ago at the time I’m writing this, and is still under investigation to find out the root cause. It inspired me to do the following test: how long will my fridge run when powered by my power station. I […]
( 13
min )
This report uncovers a set of related threat clusters linked to PurpleHaze and ShadowPad operators targeting organizations, including cybersecurity vendors.
( 36
min )
This update to pngdump.py adds an index for chunks, and allows for the selection of a chunk via its index.
( 11
min )
Although many of my tools have zero or a just a few dependencies (it’s a design decision), I’ve had requests to create a requirements file. It is available now in Didier Stevens Suite ZIP file and on GitHub. Some dependencies are only necessary when you actually use the corresponding feature. For example, many of my […]
( 12
min )
TL;DR: The AlwaysTrustUserCerts module now supports Android 7 until Android 16 Beta. If you want to learn more about Mainline, Conscrypt and how everything works together, keep reading! Intro To properly test the backend of any mobile application, we need to intercept (and modify) the API traffic. We could use Swagger or Postman files if … Continue reading Intercepting traffic on Android with Mainline and Conscrypt →
( 21
min )
Explore our top Red Team tools for 2025—from powerful C2 frameworks to Active Directory and network exploitation utilities. Built for real-world adversary emulation, this toolkit is your edge in offensive security. Dive into part one of our expert-curated series.
( 8
min )
We began with a simple question: could laser fault injection be democratized? Our answer is a resounding yes. With back-of-the-envelope physics, modest optics, and basic spare parts, we created a replicable, low-cost method for laser-based hardware attacks.
The post Pew Pew, Precisely: The Physics and Practices Behind RayV Lite appeared first on NetSPI.
( 17
min )
The post Multiple CVEs in Infoblox NetMRI: RCE, Auth Bypass, SQLi, and File Read Vulnerabilities appeared first on Rhino Security Labs.
( 7
min )
It’s something that I’ve been doing for 10+years, but every couple of years I need to configure this again (on a new machine), and then I need to look it up because I forgot the details. Hence this quickpost. This is how I run Firefox on Windows: This allow me to run multiple instances (option […]
( 12
min )
This tool is still beta. VBA compression is now supported, besides zlib compression. Option -t (–type) was added so that one can choose the compression type to search for. Possible values are zlib (default) or vba. And shortcut #p# was added to the yara option, to predefine these rules: I’ll explain in another blog post […]
( 12
min )
No content preview
( 7
min )
In this blog, we are excited to announce our white paper on Return on Mitigation (RoM), a framework we designed to quantify the financial impact of security programs in a way that speaks to business leaders.
( 6
min )
No content preview
( 4
min )
What if your security program could self-optimize: analyze trends, identify weak points, and proactively propose actionable steps to strengthen defenses? With HackerOne Recommendations, it can.
( 5
min )
What are Hackbots and how are they impacting vulnerability discovery and the researcher community?
( 6
min )
The new DORA regulation: everything your organization needs to know about its impact and how to comply.
( 5
min )
The term “special relationship,” coined by Winston Churchill, describes the close, longstanding alliance between the United States and the United Kingdom. It has been applied to cooperation during war, to trade and commerce, and even to intelligence sharing. That special relationship has clearly influenced the two nations’ recent policy papers on national cybersecurity. The U.K. […]
The post Protecting Critical Infrastructure: A Tale of Two National Cybersecurity Strategies appeared first on Synack.
( 7
min )
Scoping Adventures is a series of blogs about some of the more interesting penetration tests that the Synack Customer Success teams have worked on over the last few months. Each blog outlines how we engage with the client to achieve the best results from a pentest. Pentesters love colors—red, blue, purple, black, white and grey […]
The post Scoping Adventures: How to Get the Most Out of Your Synack Pentesting appeared first on Synack.
( 11
min )
The Synack Platform & Five Pillars of Strategic Pentesting Why You Need to Think Strategically It’s no great revelation that tactics, techniques, and procedures utilized by nefarious hackers hacking activities are evolving on a daily basis. In 2022, 18,828 common vulnerabilities and exposures (CVEs) were published. At the same time, organization attack surfaces are expanding. […]
The post Applying Strategic Thinking in Your Pentesting Program appeared first on Synack.
( 7
min )
One week ago, the Biden administration unveiled its long-awaited U.S. National Cybersecurity Strategy, with an eye toward centralizing government cyber resources and holding IT vendors more accountable for their digital defenses. Now that the ink is dry on the 35-page document, top officials like Acting National Cyber Director Kemba Walden are busy putting it into […]
The post The U.S. has a new cybersecurity strategy. What’s next for CISOs? appeared first on Synack.
( 7
min )
