Not All Penetration Tests Are Created Equally
In the dynamic world of cybersecurity, penetration testing (pen testing) has become a cornerstone for businesses seeking to fortify their defenses against cyber threats. However, it’s crucial to understand that not all Penetration Tests are created equally. At Brackish Security,...
IIS Short File Name Enumeration
Microsoft IIS short file name enumeration is a technique used to discover the filenames and directories on a web server running IIS. This method exploits a feature in IIS related to how it handles file and directory names. This vulnerability...
Penetration Testing for Small Businesses: Why It’s Crucial and How to Get Started
In today’s digital age, where online transactions and interactions form the backbone of most businesses, cybersecurity has emerged as a paramount concern. For small businesses, especially, navigating the vast and often murky waters of cybersecurity can seem daunting. Yet, the...
More MobSF – Mobile Application Penetration Testing #3
Welcome back for Part 3 of our series on Mobile Application Penetration Testing. If you haven’t read Part 1 or Part 2, go ahead and take a look. In this post we will go over some more of the MobSF...
AI-Enhanced Reconnaissance: Fueling Sophisticated Security Breaches
In today’s interconnected business ecosystem, maintaining a robust cybersecurity posture is not just about thwarting cyber threats—it’s about ensuring trust, reputation, and meeting the growing maze of regulatory standards. Brackish Security delves into how penetration testing can play an instrumental...
Turkeys Will Get Stuffed Soon. Credentials Will Get Stuffed Now.
Credential stuffing is a form of cyberattack where attackers use automated scripts to try a large number of username and password combinations (usually obtained from previous breaches) on multiple websites, hoping that individuals have reused their credentials. While this...
Unmasking the Shadows: The Unseen Vulnerabilities Within Your Walls
Prior to reading this, please check out a previous blog of ours on how important an external penetration test is. https://brackish.io/guarding-the-digital-front-door-the-external-penetration-test Hey there, security enthusiasts and curious minds alike! Today, we are taking a deep dive into a topic that’s...
Guarding the Digital Front Door: The External Penetration Test
The demand and pressure for penetration testing services are growing every day – ethical hackers are racing to find all the vulnerabilities before the not so ethical ones do. The subject of penetration testing has expanded and deepened, with each...
White Box Web Application Testing for Pentesters and Bug Bounty Hunters
White box web application penetration testing is one of my favorite things to do in the security world. If you’re new to this, “white box” means you have access to the source code of the application you’re testing. Keep in...
OWASP Top Ten – Insecure Design
Insecure Design was a new entry when the latest version of the OWASP Top Ten was released in 2021. And really, what it gets at is a good lesson – Designing an application with security in mind can go a...
