Triaxiom Security
Partner with us to meet your Information Security needs.

Most Common Methods of API Authentication

Today, we’re going to dig into the most common methods of API authentication out there and discuss some of the security implications associated with each of them, from the perspective of a penetration tester. As Application Programming Interfaces (APIs) continue to become a more prevalent tool used in website architecture, the security associated with them […]

An Introduction to Kerberoasting

In today’s blog, we will be taking a high-level look at a popular attack called Kerberoasting. Kerberoasting is used by attackers to escalate privileges once they gain initial access to an internal network. As penetration testers, we regularly use this attack vector during engagements and are generally successful in doing so. Let’s take a look […]

Top Reasons to Become a Penetration Tester

We are often asked “Why did you become a penetration tester?” or “Why should I get into penetration testing?” There are many different reasons to get into penetration testing, and everyone is motivated by different things. We took a poll in our office of why our team members got into penetration testing and today […]

Introduction to Buffer Overflow Attacks

In today’s blog, we will be taking a very high-level look at buffer overflow attacks. Attackers exploit buffer overflow vulnerabilities by overwriting the memory of an application. By doing so, an attacker can change the execution flow of the program, thereby instructing the program to execute code stored in an area of memory the attacker controls. Consider […]

COVID-19 Attack Surface Implications

The COVID-19 pandemic has reshaped our organizations as we know them. Many have shifted from an on-site location to primarily working from home. What was first thought to be a few weeks has now turned into a few months, and likely the impacts of this pandemic on your organization’s IT operations and procedures […]

Common Web Application Vulnerabilities – JWTs

We’ve been running across a lot of modern web applications lately that have implemented JSON Web Tokens (also known as JWTs) for session tracking. JWTs are an open, industry standard designed to securely transmit information between two parties as a cryptographically signed JSON object. While the JWT specification is designed generically to account for a variety […]

© 2025 Triaxiom Security, a division of Strata Information Group, Inc. All rights reserved.