The NetSPI Blog


Executing MSF Payloads via PowerShell Webshellery

Many web applications come with the ability to upload files to the server. Some of these can be misconfigured and allow for arbitrary file...


Using strace to monitor SSH connections on Linux

As a penetration tester, I like to avoid replacing binaries on running systems as it makes it more difficult to clean up the system after...

Sage Advice

The Way Back Machine - Microsoft Word for Windows 1.1a

On March 25, 2014, Microsoft released the source code for Microsoft Word for Windows 1.1a. They said they released it "to help future generations...


GPU Password Cracking – Building a Better Methodology

In an attempt to speed up our password cracking process, we have run a number of tests to better match our guesses with the passwords that...


"Detective control testing during penetration tests" Scott Sutherland Guest Blogs for Secure360

Although there is no perfect solution to prevent or detect...


Decrypting MSSQL Database Link Server Passwords

Extracting cleartext credentials from critical systems is always fun. While MSSQL server hashes local SQL credentials in the database, linked...


DeKrypto - Padding Oracle attack against IBM WebSphere Commerce (CVE-2013-05230)

IBM WebSphere Commerce or WebSphere Commerce Suite (WCS),...

Security Industry

Karl Fosaaen Guest Blogs for Secure360

NetSPI Senior Security Consultant Karl Fosaaen recently wrote a couple of guest blogs for the upcoming Secure360 2014 Conference ...


Decrypting IIS Passwords to Break Out of the DMZ: Part 1

In this blog I’ll cover how to use native IIS tools to recover encrypted database passwords from web.config files and leverage them...