OUR BLOG
Domain Admin through a simple Xerox Printer
IntroductionIn this blog post, we will explore the methods to utilize printers as a means to establish an initial foothold within a network, potentially compromising the domain controller and, consequently, the entire network. We will introduce a newly discovered...
LedgerSMB – CVE-2024-23831: Privilege escalation through CSRF attack on “setup.pl”
During an assessment, we discovered a vulnerability in the LedgerSMB application, a widely-used open-source accounting software tailored for small and mid-size businesses. This vulnerability, identified in versions 1.3 to 1.9, 1.10.0 to 1.10.29, and 1.11.0 to 1.11.8,...
The Current State of Phishing Attacks
Modern Challenges and SolutionsPart 1: Defenses Against Phishing AttacksPhishing attacks, one of the oldest types of cyber threats, have become more sophisticated and diverse. This evolution is due, in part, to advancements in cyber-defense technologies and policies....
Bypassing anti-reversing defences in iOS applications
Introduction This blog post provides a walktrough on dynamically bypassing anti-debugging and anti-reversing defences in iOS applications. Furthermore, this blog post is using resources from OWASP MASTG and provides a comprehensive guide that discusses about mobile...
iOS Instrumentation using Corellium, frida and r2frida
Introduction In this blog post we will discuss the use of Corellium emulator in Penetration Testing engagements. This blog post will also provide a walktrough on how to bypass Jailbroken detection using frida and r2frida, a plugin for radare2 that allows to instrument...
Basic knowledge to get started with Penetration Testing
Before jumping into the basic resources that a pentester should be familiar with, we first need to have an overview on what Penetration Testing actually is. As most online resources will mention, pentesting is an exercise where security experts try to identify and...