The Risks of Storing Passwords in SharePoint

In the era of increasing cyber threats, the security of sensitive information has become paramount for organizations of all sizes. SharePoint, a widely used platform for collaboration and information management, is not immune to these concerns. A particularly alarming issue is the storage of passwords in SharePoint, which, if not managed properly, can lead to

What is Blind XSS?

You may have heard of Reflected Cross Site Scripting (XSS) or Stored XSS, but what is Blind XSS? Unlike traditional XSS attacks, where the immediate impact is visible, Blind XSS vulnerabilities are typically triggered when the malicious input is viewed by a different user, often an administrator or a support person, at a later time

Another OSCP Blog Post

First, what is the OSCP? If you are ever curious about what it takes to become an ethical hacker, you will most likely find yourself googling “How to become a hacker”. Within your research, it doesn’t take long to read countless blogs and forums that point to the OSCP certification, by Offensive Security. As many

Common IoT Device Vulnerabilities in 2023

We made a list of common IoT device vulnerabilities we discovered during the year of 2023! Understanding common vulnerabilities in IoT devices is crucial for both consumers and manufacturers to ensure the safety and privacy of users. In this blog post, we’ll explore these vulnerabilities and discuss measures to mitigate them. Common Vulnerabilities in IoT

The Importance of Comprehensive IoT Penetration Testing in Modern Cybersecurity

IoT Penetration Testing is needed in today’s dynamic landscape of the Internet of Things (IoT), where everyday devices are interconnected and smarter than ever. Comprehensive IoT Penetration Testing emerges as a crucial strategy for businesses and individuals alike to fortify their digital frontiers. This blog post delves into the why and how of thorough IoT

Shodan Series Part 2: The Untraditional Web Ports

Our goal of this series is to revisit Shodan and demonstrate to IT admins and business owners, how much an attacker can glean of a network without sending any packets to the actual to an organization. Our last post focused on Remote Desktop Protocol being exposed to the publicly accessible internet: This week we

The Power of Password Complexity

In the constantly evolving landscape of cybersecurity, two factors consistently play pivotal roles in safeguarding digital assets: password complexity and regular penetration testing. At Brackish Security, we’ve seen firsthand how these elements work in tandem to fortify defenses against cyber threats. The Importance of Password Complexity In an age where data breaches are increasingly common,

Not All Penetration Tests Are Created Equally

In the dynamic world of cybersecurity, penetration testing (pen testing) has become a cornerstone for businesses seeking to fortify their defenses against cyber threats. However, it’s crucial to understand that not all Penetration Tests are created equally. At Brackish Security, we believe in enlightening our clients about these differences, ensuring they can make informed decisions