Why Penetration Testing Is No Longer Optional: Lessons from the SharePoint Breach
In July 2025, Microsoft disclosed a critical vulnerability in SharePoint that allowed attackers to execute arbitrary code and gain access to sensitive systems – no password required. For organizations relying on SharePoint to manage internal documents and workflows, this was...
The Future of Penetration Testing: How AI and Continuous Validation Are Redefining Security in 2025
Cybersecurity has never been a static game. Every year, attack surfaces expand, threat actors evolve, and organizations are forced to adapt. In 2025, penetration testing — long considered the cornerstone of proactive defense — is undergoing one of its most...
API Security: Best Practices for Protecting Your Application Interfaces
In today’s interconnected digital landscape, Application Programming Interfaces (APIs) are the backbone of modern applications. From mobile apps and SaaS platforms to cloud services and IoT devices, APIs enable seamless communication and integration across systems. But with their power and...
The Role of Continuous Penetration Testing in Modern Cybersecurity Strategies
In cybersecurity, standing still is not an option. With threats evolving by the hour and attack surfaces expanding across cloud infrastructure, APIs, and remote endpoints, organizations can no longer afford to rely on a once-a-year pen test. A single point-in-time...
What is Blind XSS?
You may have heard of Reflected Cross Site Scripting (XSS) or Stored XSS, but what is Blind XSS? Unlike traditional XSS attacks, where the immediate impact is visible, Blind XSS vulnerabilities are typically triggered when the malicious input is viewed...
Android Studio – Mobile Application Penetration Testing #5
Welcome back to our series on Mobile Application Penetration Testing! In this post we will discuss Android Studio and Android Debug Bridge. If you’re new to this, you might want to go read from the beginning or check out the...
Shodan Series Part 2: The Untraditional Web Ports
Our goal in this series is to revisit Shodan and demonstrate to IT admins and business owners how much an attacker can glean about a network without sending any packets to the organization. Our last post focused...
The Power of Password Complexity
In the constantly evolving landscape of cybersecurity, two factors consistently play pivotal roles in safeguarding digital assets: password complexity and regular penetration testing. At Brackish Security, we’ve seen firsthand how these elements work in tandem to fortify defenses against cyber...
Not All Penetration Tests Are Created Equally
In the dynamic world of cybersecurity, penetration testing (pen testing) has become a cornerstone for businesses seeking to fortify their defenses against cyber threats. However, it’s crucial to understand that not all penetration tests are created equally. At Brackish Security,...
IIS Short File Name Enumeration
Microsoft IIS short file name enumeration is a technique used to discover the filenames and directories on a web server running IIS. This method exploits a feature in IIS related to how it handles file and directory names. This vulnerability...




