Tutorial Fixing ESC1 - Enrollee supplies subject and template allows client authentication ADCS misconfigurations are one of the most common privilege escalation vectors we encounter. This article covers steps to remediate ESC1 flaws.
Blog Post Dumpster Diving for Data Your trash could be a data breach. I found thousands of medical records on a discarded computer: Medicare numbers, DOBs, and treatment plans.
Research Orthanc 1.12.9 User Impersonation A simple code review can lead to some quick wins if you know where to look. A couple hours of staring at C++ code led us to a user impersonation vulnerability in Orthanc 1.12.9.
Resource ST4S Assessment So you’ve just been told you need to meet ST4S requirements? Broken down into parts, the ST4S framework is relatively straightforward.
Tutorial Firebase Security Fundamentals Every application built on Firebase that we've looked at has had the same vulnerabilities. These common vulnerabilities aren’t hard to prevent but they're easy to overlook.
Research Featured Traccar Unauthenticated LFI v5.8-v6.8.1 Sometimes you search endlessly and find nothing. Other times, the gold just drops into your lap. This is a story about how we accidentally found a pretty impactful vulnerability.
Tutorial Bypassing Windows Login Without Password Forgot your Windows password? Or maybe you're in physical possession of a device that you don't have the password for? Here's a trick to bypass that login screen.
Writeup HTB CBBH Review - A Penetration Tester's Perspective If web application security interests you, HTB’s CBBH offers structured practice that translates well to both bounty hunting and professional penetration testing.
Tutorial Featured Salesforce Penetration Testing Fundamentals This blog walks you through using our script to audit a Salesforce environment, uncovering excessive permissions and platform-specific risks like SOQL injection.
Tutorial We can't set up the conversation because your organisations are not set up to talk to each other Not our usual content, but this pops up often enough that we thought a quick write-up would be helpful to share with our customers and anyone else.
Tutorial Free Web Filtering Free, simple, and effective. DNS-based web filtering is a security control every organisation should consider. It adds a layer of protection with minimal effort and no additional cost.
Tutorial Google Pixel Root Guide Ever wondered what your app's really doing behind the scenes? This guide walks you through how to root any Google Pixel phone.
Tutorial Password Policy GPO We routinely crack 40% of passwords in a given Active Directory environment once we obtain Domain Admin. Updating the password policy to protect against modern password cracking techniques is one way to enforce better password usage in your environment.
Research Featured FileFlows Vulnerabilities - SQL Injection by Decompiling .NET Code Sometimes the good stuff isn’t on the surface. We turned to decompiling .NET code to find a hidden SQL injection flaw.
Resource ISO 27001 Penetration Testing Requirements Organisations pursuing ISO 27001 certification often ask: Is penetration testing required? The short answer is yes, but with nuance.
Advisory Vulnerability Disclosure Policy Our vulnerability disclosure policy aims to achieve 2 things: to ensure vendors are given a reasonable amount of time to address reported issues, and to provide affected users with actionable vulnerability information.
Tutorial Network Segmentation Testing Guide Network segmentation testing is a critical component of PCI DSS compliance. Doing it properly takes some thought and it can be easy to overlook misconfigurations without a plan.
Research Featured Vibe Hacking: Finding Auth Bypass and RCE in Open Game Panel You've heard of vibe coding, but have you considered vibe hacking? I tried thinking less to find an authentication bypass and RCE in OpenGamePanel.
Resource Code Assisted Penetration Testing Project Black includes source-code assisted penetration testing at no extra cost, giving you deeper coverage, clearer insights, and stronger results. Here’s why it matters.
Resource Nessus Reporting Customisation & Analysis Nessus is great, but large or frequent scans get hard to manage. We built a tool to load results into a relational database for easier analysis, reporting, and automation.
Research Featured ZendTo NDay Vulnerability Hunting - Unauthenticated RCE in v5.24-3 <= v6.10-4 Discovering NDay flaws in ZendTo filesharing software highlighted an interesting fact: without the issuance of CVEs, vulnerabilities can easily go unpatched.
Tutorial Disable TLS 1.0 and 1.1 via GPO Disabling TLS 1.0 and 1.1 via GPO strengthens security by removing outdated protocols. While practical exploitation is difficult, turning them off is often easier than justifying scan findings to auditors. Here’s how.
Blog Post Security Risks of Setting Access Control Allow Origin: * Wildcard CORS: convenient or careless? What are the ACTUAL scenarios that could lead to a loose CORS policy being exploited?
Research Featured LiquidFiles Vulnerabilities: From Discovery to Disclosure Join us in my quest to find some vulnerabilities in the LiquidFiles application! A full walkthrough awaits, detailing the methodology and the findings that made all the effort worthwhile.
News CREST Certified Penetration Testing - Project Black We are thrilled to announce that Project Black has been accredited as a CREST member company in the Australasia region! CREST accreditation is a significant milestone in our journey, but it’s just the beginning.