In the dynamic world of cybersecurity, penetration testing (pen testing) has become a cornerstone for businesses seeking to fortify their defenses against cyber threats. However, it’s crucial to understand that not all Penetration Tests are created equally. At Brackish Security, we believe in enlightening our clients about these differences, ensuring they can make informed decisions
Microsoft IIS short file name enumeration is a technique used to discover the filenames and directories on a web server running IIS. This method exploits a feature in IIS related to how it handles file and directory names. This vulnerability is kind of the gift that keeps on giving. As of writing, it’s been around
We wanted to create this blog series to highlight how important regular penetration testing is and how it effectively reduces risk. This week we will focus on port 3389, traditionally used for Windows Remote Desktop Protocol (RDP), which allows users to access their desktop over a network connection. It’s like leaving the keys in the
In this part of the guide we go over more of the MobSF output for the YouTube APK
In today’s digital age, where online transactions and interactions form the backbone of most businesses, cybersecurity has emerged as a paramount concern. For small businesses, especially, navigating the vast and often murky waters of cybersecurity can seem daunting. Yet, the need for such endeavors has never been more pressing. A concerning statistic reveals that a
Welcome to the final entry in our OWASP Top Ten Series – Software and Data Integrity Failures. If you haven’t read any of the previous ones, check them out. Among the OWASP Top Ten entries, Software and Data Integrity Failures have emerged as a formidable category that encapsulates a range of issues where assumptions about
In the ever-evolving world of cybersecurity, businesses often come across terms like ‘vulnerability assessments‘ and ‘penetration testing‘. While they might seem interchangeable to the untrained eye, they serve distinct purposes. Both are critical components of a comprehensive security strategy, but they approach the task of safeguarding a network from different angles. Let’s dive into the