IIS Short File Name Enumeration

Microsoft IIS short file name enumeration is a technique used to discover the filenames and directories on a web server running IIS. This method exploits a feature in IIS related to how it handles file and directory names. This vulnerability is kind of the gift that keeps on giving. As of writing, it’s been around

Software and Data Integrity Failures – OWASP Top Ten

Welcome to the final entry in our OWASP Top Ten Series – Software and Data Integrity Failures. If you haven’t read any of the previous ones, check them out. Among the OWASP Top Ten entries, Software and Data Integrity Failures have emerged as a formidable category that encapsulates a range of issues where assumptions about

AI-Enhanced Reconnaissance: Fueling Sophisticated Security Breaches

The dawn of the digital age has led to a constantly evolving cat-and-mouse game between cybercriminals and those working to thwart their malicious intents. While we’ve seen significant advancements in defensive cybersecurity mechanisms, attackers are also leveraging cutting-edge technology to up their game. One such tool in their arsenal is Artificial Intelligence (AI). In particular,

Mobile Application Penetration Testing – #2 – MobSF Intro

If you haven’t read the previous entry in the Mobile Application Penetration Testing series, check it out. In this post we will start with a frequently used mobile application security tool – MobSF. This is a tool that you’ll pretty much want to use on every mobile test that you do. As said before,

Mobile Application Penetration Testing – #1 – Getting Started

Welcome to the first of many parts of our series on Mobile Application Penetration Testing. We wanted to write this series because it seems like a lot of the material out there on mobile application penetration testing is out of date, wrong, or lacking. Furthermore, when it comes to mobile application penetration testing, there are

Turkeys Will Get Stuffed Soon. Credentials Will Get Stuffed Now.

Introduction: Credential stuffing is a form of cyberattack where attackers use automated scripts to try a large number of username and password combinations (usually obtained from previous breaches) on multiple websites, hoping that individuals have reused their credentials. While this attack method is not sophisticated, its simplicity and effectiveness make it a go-to strategy for

Unmasking the Shadows: The Unseen Vulnerabilities Within Your Walls

Prior to reading this, please check out a previous blog of ours on how important an external penetration test is. Hey there, security enthusiasts and curious minds alike! Today, we are taking a deep dive into a topic that’s often buzzing around but isn’t always entirely understood – yes, we’re talking about Internal Penetration Testing

Beyond the Breach: The Essential Role of Regular Penetration Testing in Safeguarding Organizational Reputation

In today’s interconnected world, cyber resilience is not just about protecting data but is closely tied to an organization’s reputation and trustworthiness. A cyberattack doesn’t only translate to financial losses but can significantly tarnish a company’s image. A case in point is the recent cyberattack on Clorox, emphasizing the imperative of preemptive measures, particularly regular