Offensive Security

Using tmux for automating interactive reverse shells

Using tmux for automating interactive reverse shells

I’ve recently read a great post about using the “expect” command line utility for automating the process of converting a non-interactive reverse shell to a fully interactive TTY, which means that by doing that, it’s possible to use features like tab completion, history navigation, clear the screen and, among others, being able to hit Ctrl-c without losing your access, which makes me really happy.

Read more
White Box Penetration Testing: 'Cheating' in order to boost impact and value

White Box Penetration Testing: 'Cheating' in order to boost impact and value

Almost every professional pentester is always thrilled when a black box pentesting comes along, however it’s probably in white box that you’ll be able to give your reports more meaning.

Read more
This is how you can deliver true value through your pentest reports

This is how you can deliver true value through your pentest reports

There are only two things your client wants: how their business can be affected by impactful exploitation of a vulnerability and how they can prevent this from happening?

Read more
Handling Short Expiration Time of Authorization Tokens

Handling Short Expiration Time of Authorization Tokens

How not to waste precious time when testing a web applications or API’s with Burp Suite

Read more
Bypassing Phone Number Verification

Bypassing Phone Number Verification

In this post I’ll show you how I bypassed the phone number verification process in a website.

Read more
Credentials validation without PoC

Credentials validation without PoC

I’ve found a flaw in one of the Check Point appliances.

Read more