Mobile App Pentest

The explosion of new mobile apps is an unprecedented growth story. And app security is becoming front page news. Let NetSPI protect your reputation by testing your apps for vulnerabilities before release.

The NetSPI Blog


Advisory: Oracle Forms 10g Unauthenticated Remote Code Execution (CVE-2014-4278)

Oracle Forms 10g contains code that does not properly validate...


IT Asset Management – Where to Start

Not enough emphasis is given to IT asset management. This is one of the first things an organization needs to get under control before they...


LM Hash Cracking – Rainbow Tables vs GPU Brute Force

Lately, Eric Gruber and I have been speaking about the cracking box that we built at NetSPI. Every time we present, the same question always...


CorrelatedVM – From a Pentester’s Point of View

For those who are not familiar with it, CorrelatedVM (CVM) is a software platform created by NetSPI to manage penetration testing & security...


15 Ways to Bypass the PowerShell Execution Policy

By default PowerShell is configured to prevent the execution of PowerShell scripts on Windows systems. This can be a hurdle for penetration...


Cracking Stats for Q2 2014

During many of our penetration tests, we gather domain password hashes (with permission of the client) for offline cracking and analysis....


Intercepting Native iOS Application Traffic

In this blog, we will go through proxying an iOS application which uses native web sockets to interact with a web server. The blog will help...


Bypass iOS Version Check and Certification validation

Certain iOS applications check for the iOS version number of the device. Recently, during testing of a particular application, I encountered...


Stealing unencrypted SSH-agent keys from memory

It is possible to use gdb to dump the memory of a running SSH-agent and then use that memory to reconstruct a SSH key. This provides the...

Pages: Prev1234567...25NextReturn Top