News

For the Techs

11 Oct 2018

Configuring Metasploit and Empire to Catch Shells behind an Nginx Reverse Proxy

Updated: Jul 21, 2020 During red team engagements, we’ve found ourselves in the situation of wanting to use multiple remote access… Read More

For the Techs

11 Oct 2018

Configuring Metasploit and Empire to Catch Shells behind an Nginx Reverse Proxy

Updated: Sep 2, 2020 During red team engagements, we’ve found ourselves in the situation of wanting to use multiple remote access… Read More

For the Techs

03 Aug 2018

Taking Local File Disclosure to the Next Level

I recently discovered a path traversal vulnerability on a bash script exposed through the cgi-bin directory on an Apache server.… Read More

For the Techs

24 Jul 2018

Deserialisation Vulnerabilities

Updated: Jul 21, 2020 Seemingly one of the most overlooked security vulnerabilities in the web applications that we test is… Read More

For the Techs

10 Jun 2017

Stealing Amazon EC2 Keys via an XSS Vulnerability

On a recent engagement, our testers were faced with a single page web application which was used to generate PDF… Read More

For the Techs

10 May 2017

Android Exploit Development with the Android Open Source Project Toolchain

In 2015 a group of vulnerabilities labelled as Stagefright gained notoriety for their ability to hack your device via MMS… Read More