Sans Core Netwars Tournament of Champions Europe

From Justin Palk, Security Consultant: I’ll be honest, it feels good to win. Popping a shell sends a shiver down my spine. But getting into a duel with another team working the same environment? Both trying to reach the same goal, being able to see how close you...

Hacking OAuth2.0

The intent of this blog is to help penetration testers and security researchers get a deeper understanding of the OAuth protocol. We are going to learn how to bypass authentication using OAuth’s implicit flow. Before we attack OAuth we need to have an...

Networking Fundamentals Part I

This blog is the first of three in a series to go over some basic networking fundamentals that every security professional should know. These blogs are geared towards the absolute beginner and will cover a lot of different topics at a high level. These blog posts are...

Recon Methods Part 4 – Automated OSINT

 (paid In the first three parts of this series, we learned about manual methods for gathering intelligence about a target company, their external hosts, and their employees manually through a myriad of services. Now, we will cover different ways of automating the...