May 20, 2020
Bypassing SQLi filters manually
SQL injection can be one of the most dangerous vulnerabilities. Here we will see how to bypass certain controls that developers put in their code.
May 6, 2020
Attacking a web server using SSRF
Here we will see what Server-Side Request Forgery is, how hackers can exploit it, and the best ways to protect against this attack.
April 29, 2020
Searching for credentials in a repository
As everyone knows in our context, production credentials should be protected. In this post, we explain how to extract old credentials and how to protect them.
March 31, 2020
Attacking a network using Responder
Windows hosts use LLMNR and NBT-NS for name resolution on the local network. These protocols do not verify addresses, and here we detail how to exploit this.
December 4, 2019
The meaning of Try Harder
The OSCP exam is one of the hardest certifications out there for pentesters. Here we show you how you can prepare yourself to do your best on it.
October 23, 2019
Intercept applications in newer Android phones
Android is one of the most suitable targets for hackers. Here we show how to intercept Android apps' web traffic by installing a self-signed certificate.
August 5, 2019
Attacking a DC using kerberoast
Windows Active Directory works using the Kerberos protocol, and in this blog post, we detail how we can exploit its functionality to obtain user hashes.
May 2, 2019
The weakest link in security is not the technology
Here we want to help you secure your deployments and avoid common mistakes. Infrastructure as code is one of the easiest ways to leverage cloud computing.
October 29, 2018
How to resolve HTB Bounty
In this article, we present how to exploit a Bounty machine's vulnerabilities and how to gain access as an Administrator and obtain the root flag.