Analysing the Microsoft Windows Wi-Fi driver patch to understand the vulnerability (CVE-2024-30078) - Part2| Aura Research Division
Bypassing Microsoft Defender for Identity Suspicious certificate usage over Kerberos protocol (PKINIT) high severity alert.| Pentest Blog Posts on Aura Research Division
A quick post about making a more cost effective cover implant using a common wired mouse.| Aura Research Division
Analysing the Microsoft Windows Wi-Fi driver patch to understand the vulnerability (CVE-2024-30078) - Part1| Aura Research Division
Bypassing security prompts with file shares and more| Aura Research Division
Explore how GitHub Actions can be leveraged to rotate IP addresses during password spraying attacks to bypass IP-Based blocking such as Entra Smart lockout.| Aura Research Division
A framework for OAuth 2.0 device code authentication grant flow phishing.| Aura Research Division
How to take over an IoT camera stream.| Aura Research Division
Your Strict Transport Security policy may not be as strict as you think. A common misconfiguration can lead to a suprising amount of plaintext leakage.| research.aurainfosec.io
A detailed walkthrough of the process and hurdles faced in leveraging Evilginx3 to conduct a successful phishing campaign on a AD FS protected domain.| research.aurainfosec.io
CVE-2023-35803 - An adventure in finding and exploiting a buffer overflow in Extreme Networks/Aerohive Wireless Access Points| research.aurainfosec.io
Check that regex.| research.aurainfosec.io
BadUSB attacks have been a threat for years, but is the USB-C dock sitting on your desk the latest threat in disguise?| research.aurainfosec.io
Want to use SSH for reverse shells? Now you can.| research.aurainfosec.io
Learn how to write your own firmware for Aerohive devices! With a bonus side order of some remote code execution!| research.aurainfosec.io
A web browser's same origin policy plays a major role in preventing Cross-Site Request Forgery attacks. The standard is clear on what the acceptable behaviour is, but do all browsers follow it?| research.aurainfosec.io
SQLMap is one of the best tool in exploiting sql injection. However, there are moments where this tool will not produce the expected results if we do not supplying the correct options. This post covers a tricky SQL Injection vulnerability that I found in a recent assessment.| research.aurainfosec.io
U2F is an open, driverless, digital signature challenge-response protocol for secure two factor authentication. It’s designed to improve user security through ease of use.| research.aurainfosec.io
In this blog post Nilesh shares his experience performing a SCADA assessment, what pentest approach works best for highly sensitive systems, and preferred tools of the trade.| research.aurainfosec.io
An overview of how to begin searching for vulnerabilities within software, by fuzzing the binary with AFL| research.aurainfosec.io
Unfortunately, many SAML consumers don’t validate responses properly, allowing attacks up to and including full authentication bypass.| research.aurainfosec.io
The following post aims to provide a high level overview of an iOS application security review methodology and an introduction of some tools publicly available to perform the analysis.| research.aurainfosec.io