
The NetSPI Blog


Bypass iOS Version Check and Certification validation

Certain iOS applications check for the iOS version number of the device. Recently, during testing of a particular application, I encountered...


Stealing unencrypted SSH-agent keys from memory

It is possible to use gdb to dump the memory of a running SSH-agent and then use that memory to reconstruct an SSH key. This provides the...


Bypassing AV with Veil-Evasion

Veil-Framework is a collection of tools that help with information gathering and post-exploitation. One such tool is Veil-Evasion which is...


Open Source Frameworks - How secure are they?

How many of your projects include open source software? Maybe it is better to call it free software. As a person who has spent time in the...


Verifying ASLR, DEP, and SafeSEH with PowerShell

Today I am releasing a PowerShell script that easily displays whether images (DLLs and EXEs) are compiled with ASLR (Address Space Layout...


15 Ways to Download a File

Pentesters often upload files to compromised boxes to help with privilege escalation, or to maintain a presence on the machine. This blog...


Malicious MobileConfigs

How much can you trust your devices? In this blog post, we will cover a practical attack that utilizes the iPhone Configuration Utility, a...


Cracking Stats for Q1 2014

During many of our penetration tests, we gather domain password hashes (with permission of the client) for offline cracking and analysis....


Locate and Attack Domain SQL Servers without Scanning

In this blog I'll share a new PowerShell script that uses Service Principal Name (SPN) records from Active Directory to identify and attack...
