Category: penetration testing

  • Blog
  • Category: penetration testing

MouseJacking (With Flipper Zero): Tales from Pen Testing Trenches

As a continuation in our series of penetration testing stories (who doesn’t love those) we bring you MouseJacking (With Flipper Zero). Check out the first blog post in the series here here. In this engagement, we were successfully able to compromise a network utilizing an old attack vector – MouseJacking. MouseJacking was first brought to

Tales from Pen Testing Trenches: MAC Address Whitelisting Failure

MAC address whitelisting is commonly perceived as a foolproof network security mechanism. Yet, Brackish Security’s recent test on a wireless network illustrates how easily this method can be bypassed, challenging its efficacy as a standalone security solution. MAC address whitelisting operates on the premise that only devices with pre-approved MAC addresses can access a network.

Android Studio – Mobile Application Penetration Testing #5

Welcome back to our series on Mobile Application Penetration Testing! In this post we will discuss Android Studio and Android Debug Bridge. If you’re new to this, you might want to go read from the beginning or check out the previous post. But not only will we discuss Android Studio and Android Debug Bridge, we

The Importance of Comprehensive IoT Penetration Testing in Modern Cybersecurity

IoT Penetration Testing is needed in today’s dynamic landscape of the Internet of Things (IoT), where everyday devices are interconnected and smarter than ever. Comprehensive IoT Penetration Testing emerges as a crucial strategy for businesses and individuals alike to fortify their digital frontiers. This blog post delves into the why and how of thorough IoT

IIS Short File Name Enumeration

Microsoft IIS short file name enumeration is a technique used to discover the filenames and directories on a web server running IIS. This method exploits a feature in IIS related to how it handles file and directory names. This vulnerability is kind of the gift that keeps on giving. As of writing, it’s been around

Even More MobSF – Mobile Application Penetration Testing #4

In this part of the guide we go over more of the MobSF output for the YouTube APK

Software and Data Integrity Failures – OWASP Top Ten

Welcome to the final entry in our OWASP Top Ten Series – Software and Data Integrity Failures. If you haven’t read any of the previous ones, check them out. Among the OWASP Top Ten entries, Software and Data Integrity Failures have emerged as a formidable category that encapsulates a range of issues where assumptions about

More MobSF – Mobile Application Penetration Testing #3

Mobile Application Penetration Testing