by Mike Saunders | Mar 10, 2020 | Blog Posts
It’s not uncommon on external pen tests and red team engagements to find very little attack surface on the customer’s internet-facing networks. Customers have started shifting services to cloud providers, making it harder to find targets. This blog...
by Mike Saunders | Jan 30, 2020 | Blog Posts
A common part of pen tests – both network and web app – is password spraying. In order to do that, you need usernames. But how do you find out what your target’s usernames are? This is the first in a series of posts to discuss user enumeration and...
by Mike Saunders | Nov 30, 2018 | Blog Posts
Did you know you can use DNS queries to exfiltrate data from a database via SQLi? No? Then continue reading! I’ll walk through some techniques you can use to enumerate and exfiltrate data from a DB server via blind SQLi. On a recent web app test, I encountered a...
by Mike Saunders | Sep 21, 2018 | Blog Posts
During a recent web app test, I encountered a situation when I would be randomly logged out of the application when running sqlmap. I wasn’t manipulating any of the session cookies and the logouts happened at random times. I needed a way to detect when I got...
by Mike Saunders | Sep 5, 2018 | Blog Posts
On a recent external web app pen test, I found a possible SQL injection vulnerability using the Burp Scanner. One of the tests triggered an A record lookup for the Burp Collaborator server. In the screenshot below, we can see the test that triggered the finding....