Let’s Talk About Direct Object References
Kelsey Bellew // Maybe you don’t know what Direct Object References mean, if you Google it, you’d get this: This description uses the words “direct”, “object” and “reference” to describe a […]
Kelsey Bellew // Maybe you don’t know what Direct Object References mean, if you Google it, you’d get this: This description uses the words “direct”, “object” and “reference” to describe a […]
Sally Vandeven // As pentesters we LOVE passwords – they come in all shapes and sizes. A good password has 16+ characters and a mix of case, digits and special […]
Rick Wisser // Ohhh Who Says Tree’s are not Interesting RFID’s (Radio-Frequency Identification) have been around for a while now and are utilized for Inventory tracking/control, retail, clothing, animal tracking, […]
Carrie Roberts & Brian King // We were recently testing a web application that used ASP.NET cookieless sessions. This meant that the session token was part of the URL as shown in the […]
David Fletcher // Recently, while assessing a web application I noticed content on one of the pages that appeared to be derived from sensitive information stored within the site’s user […]
Dakota Nelson // It’s become more and more common lately to see advanced attackers using legitimate internet channels to move data in and out of networks. Social networks such as […]
Joff Thyer // Many of us in the penetration testing community are used to scenarios whereby we land a targeted phishing campaign within a Windows enterprise environment and have […]
Joff Thyer // When performing a penetration of test of organizations with Windows desktops, many testers will now resort to using tools like Veil’s Powershell Empire in order to […]