Understanding HTTP Request Smuggling with Hop-to-Hop Headers
We have seen HTTP request smuggling attack by modifying the Content-Length and Transfer-Encoding header. These methods exploit the execution of the headers in client-side and …
All About Creating a New Fuzzer: Wink
This blog describes the attempts, as part of the Payatu Research Team, to fuzz and find vulnerabilities in Windows Kernel. We start the blog by …
Utilizing the Burp-Suite Pentest Mapper Plugin v1.6.5
Why Pentest Mapper? Burp Suite’s Pentest Mapper plugin integrates a unique application testing checklist with request logging capabilities of Burp Suite. An easy-to-follow flow is …
Key Criteria for Choosing an MSSP
Managed security service providers (MSSPs) have become an essential component of modern cybersecurity strategies. With the increasing complexity and sophistication of cyber threats, organizations of …
How to Spawn an Interactive Shell Behind the Firewall
As penetration testers/security researchers you often come across firewalls configured with egress/ingress filtering that makes it difficult to spawn a shell. In this blog, we …
Authentication Token Obtain and Replace (ATOR) V2.1.0: Burpsuite Plugin
Why ATOR? The Authentication Token Obtain and Replace (ATOR) Burp plugin handles complex login sequences because it allows the user to obtain and replace authentication …
Active Directory Enumeration using ADmodule
An active directory allows network administrators to manage domains, users, and objects in a respective network. Now, as the network grows, the AD provides a …
What is DNS Rebinding and How it Works?
In a network, computers are addressed with numerical values called IP addresses. Computers use these IP address to communicate with each other. Since these values …
Effortless Approach to React Native Application Pentesting
Introduction Cross-platform applications have been emerging in recent years. The React Native framework is also gaining lots of traction in the world of mobile application …
