By targeting a specific endpoint and passing in a random string, GravityForms will prompt users to authenticate first. This results in the unauthenticated user being redirected to the obscured administrative login page for /wp-admin.
Resources
Blog
Technical
Keep up to date with the latest offensive security news, knowledge, and resources.
Did you know you can interact with LDAP using cURL? How about NTLM, proxy tunneling, or domain sockets?
A deep dive into some less common and advanced features of cURL, including sending POST requests with a payload file, uploading files to a server, exploiting Spring4Shell, and exploiting SQL injection vulnerabilities using cURL.
Offensive operations require evasion techniques to bypass security controls. Testers will often find that their attacks against web applications, Office 365, and other external endpoints are quickly blocked. Read our guide outlining the tools we use here at Sprocket to help us effectively attack our client's infrastructure including Fireprox, proxybroker2 and http-proxy-ipv6-pool.
Vulnerability management can be an overwhelming task with so many new vulnerabilities identified each year. Learn about the top vulnerabilities of 2022, which should be at the top of your patch priority list.
Know the risks and attack vectors associated with allowing inbound SMB port connectivity to workstations with an emphasis on lateral movement tools and techniques. See how Continuous Penetration Testing is highly useful for augmenting the current security control landscape implemented by the business.
Any offensive security operator will tell you that guessing employee credentials is key to compromising your customer’s network – and therefore highlighting vulnerabilities – during a cyber-security engagement. The thing is, it’s easier said than done as companies increasingly continue to transition to cloud services such as Microsoft Office 365 (O365) – all of which provide multi-factor authentication (MFA)
