Pentesting GraphQL 101 Part 1 - Discovery
Discover GraphQL security experience from the GraphQL pentester point of view. This article will explain discovery in the pentesting process.| Escape DAST - Application Security Blog
When talking about AI and penetration testing, we can split the discussion into two main areas: using AI to perform pentests and performing pentests on AI systems. While Thoropass offers testing for large language models (LLMs), the core of many AI systems, this article focuses on the former: how AI is transforming modern pentesting. Can […] The post Can AI Replace Pentesters? How Thoropass Uses AI to Strengthen Human-Led Penetration Testing appeared first on Thoropass.| Thoropass
Discover GraphQL security experience from the GraphQL pentester point of view. This article will explain discovery in the pentesting process.| Escape DAST - Application Security Blog
Introducing Graphinder, a lightweight and blazing fast GraphQL endpoint finder, making penetration testing on GraphQL much faster ⚡️| Escape DAST - Application Security Blog
This month's post discusses pentest reports and how the various audiences that consume them sometimes misinterpret what they mean. We cover why findings in a report are not a sign of failure, why "clean" reports aren't always good news, and why it may not be necessary to fix every single identified vulnerability. The post concludes with a few takeaways about how the information in a pentest report helps inform the reader about the report subject's security posture.| Include Security Research Blog
The binary fltMC.exe is used to manage minifilter drivers. You can easily load and unload minifilters using this binary. To unload the Sysmon driver you can use: fltMC unload SysmonDrv If this bina…| 🔐Blog of Osanda
DVWA stands for Damn Vulnerable Web Application, and it certainly lives up to its name. It’s intended for beginners to the field of hacking – which definitely describes me – and includes a list of challenges commonly seen in real hacking engagements like SQL Injection, Cross-Site Scripting and File Inclusion/File Upload vulnerabilities, etc. How you […]| Sharp Security
Explore different penetration testing types, including black-box, white-box, and grey-box testing, and discover their unique attack vectors.| Escape - The API Security Blog
Learn about the differences between penetration testing and vulnerability assessment to discover why it's essential for businesses to do both.| ID Agent
In my previous article Exploring the MS-DOS Stub I stated that after experimenting, the Windows loader only cares about the e_magic and the e_lfanew members from the _IMAGE_DOS_HEADER. Because the rest of the members of the DOS header is used by MS-DOS to execute the stub program. Check it out if you have not. If […]| 🔐Blog of Osanda
PowerShell has gained popularity with SysAdmins and for good reason. It’s on every Windows machine (and now some Linux machines as well), has capabilities to interact with almost every service on every machine on the network, and it’s a command-line utility. For the same exact reasons, PowerShell has also become a favourite method of attackers […]| 🔐Blog of Osanda
I’ve previously published a post on extracting table names when /or/i was filtered which leads to filtering of the word information_schema. I did some more research into this area on my own and fou…| 🔐Blog of Osanda
WebARX is a web application firewall where you can protect your website from malicious attacks. As you can see it was mentioned in TheHackerNews as well and has good ratings if you do some Googling. https://thehackernews.com/2019/09/webarx-web-application-security.html It was found out that the WebARX WAF could be easily bypassed by passing a whitelist string. As you […]| 🔐Blog of Osanda
Generally in application security, the user input must be sanitized. When it comes to SQL injection the root cause most of the time is because the input not being sanitized properly. I was curious about Windows Management Instrumentation Query Language – WQL which is the SQL for WMI. Can we abuse WQL if the input […]| 🔐Blog of Osanda
Uncover industry-specific vulnerabilities & ensure compliance. Explore penetration testing requirements & assessments across various sectors. Learn more| WeSecureApp :: Securing Offensively
