PinnedPentesters choice: Useful links / software for daily work in ITHere you will find a current selection of useful websites or open source software that can make everyday life in the IT department easier.Apr 8Apr 8
EN: Interview — 11 years of OSCP — A personal reviewHardly any other industry is developing as dynamically as IT security. The constant development of technologies not only brings new…1d ago1d ago
DE: Interview — 11 Jahre OSCP — Ein persönlicher RückblickKaum eine Branche entwickelt sich so dynamisch wie die IT-Sicherheit. Die ständige Weiterentwicklung von Technologien bringt nicht nur…1d ago1d ago
Implementing accessed_at to ActiveStorage Blob in Ruby on RailsImplementing accessed_at in ActiveStorage Blob with Ruby on Rails: Tracking file access and adding authentication for secure downloads…Sep 9, 2023Sep 9, 2023
Uptime and Network Monitoring While Pentesting: Ensuring Service Continuity and Early DetectionIn the realm of penetration testing, it is essential to maintain an overview of the target environment while conducting simulated attacks…Jul 26, 2023Jul 26, 2023
Discovery of a reflective XSS vulnerability in ARP Guard software (CVE-2023–39575)Introduction We recently executed an internal security assessment for a customer. During this engagement we discovered a vulnerability in…Jun 21, 20238Jun 21, 20238
A short white box code audit of avoWe conducted a two-day penetration test on the product “Avo”, which is a Ruby / Ruby on Rails gem for building administrative interfaces…Jun 5, 2023Jun 5, 2023
Defeat LAPS with NTLMv1-RelayIn our internal pentests, relay attacks that use the NTLMv1 protocol are still successful (unfortunately). Many older systems cannot be…Oct 13, 2022Oct 13, 2022
LDAP Monitor — Live-Überwachung für Veränderungen an LDAP ObjektenDas ist mal wieder ein klassisches Beispiel für sogenannte “dual use software”. In unserem Pentest-Alltag nutzen wir immer häufiger die…Oct 19, 2021Oct 19, 2021
Disable advanced EDR solutions by abusing Microsoft signed kernel driverIn our daily research we discovered an awesome project on Github that focused on killing protected processes, especially modern anti…Jul 1, 2021Jul 1, 2021
