This blog post is intended to be a guide on effective and efficient methods of
identifying broken access control. This is not an end-all-be-all guide and
explanation of broken access controls.
What Are Access Controls?
Access controls are policies put in place to prevent unauthorized access. They
delegate which users…
Hackers, both white and black hat, depend considerably on open-source
intelligence (OSINT) derived from publicly available information. Security
professionals’ knowledge of OSINT collection methods and techniques is crucial
for assessing threats.
In this post we use tesla.com in some examples. We chose them solely due to the
This post will walk through the process we followed to build a search engine for
leaked credentials from publicly disclosed breaches/database leaks using Django
REST Framework and PostgreSQL. At the end of this blog, you should have all you
need to build an API and frontend Web Application…
Atomic Red Team is an excellent collection of commands, activities, and other
Indicators of Compromise (IoCs) developed and maintained by Red Canary that your
blue team can benchmark against to hone their craft. We’ve loved using the
Atomic tests as a reference and have developed a GUI-based execution engine…
This blog post details a pre-authentication deserialization exploit in MuleSoft
Runtime prior to version 3.8.
During a recent Web Application penetration test, Tevora observed some
interesting headers being returned within the application data flow. The headers
contained a character sequence that should raise an immediate red flag to