Blog

Regular BAS exercises can be a valuable tool to improve an organization’s security posture and protect against cyber threats. In the long run, finding and fixing vulnerabilities in an exercise is cheaper and safer than discovering them when an attacker exploits.

By targeting a specific endpoint and passing in a random string, GravityForms will prompt users to authenticate first. This results in the unauthenticated user being redirected to the obscured administrative login page for /wp-admin.

Did you know you can interact with LDAP using cURL? How about NTLM, proxy tunneling, or domain sockets? A deep dive into some less common and advanced features of cURL, including sending POST requests with a payload file, uploading files to a server, exploiting Spring4Shell, and exploiting SQL injection vulnerabilities using cURL.

Preparing for a penetration test? This checklist will inform you on what to expect and what steps you should take to get the most out of your organization’s upcoming pentest.

Self-hosted Microsoft services, such as Exchange and Skype for Business, are ideal targets for password spraying attacks. Learn more about how these threats work and how to protect your business.

Exploiting several Top 10 risks using the Damn Vulnerable Web Application (DVWA), as it’s expressly configured to highlight sub-optimal cybersecurity practices relevant to modern web applications.