Content Security Policy (CSP) is an essential security measure for protecting web applications against certain types of attack. By defining strict rules on the resources that a browser can load, a CSP limits potential attack vectors.
However, a poorly configured Content Security Policy can be bypassed, leaving the application vulnerable.
Object injection is an application vulnerability that occurs when an application deserializes untrusted data.
If an attacker manages to inject a malicious object, he can exploit its properties to execute arbitrary code, steal data, modify the application’s behaviour or manipulate files remotely. In other words, this vulnerability can lead to a total compromise of the targeted system.
Blind SQL Injections are a category of SQL injection. Unlike traditional SQL injections, they do not directly provide the results of queries or detailed error messages.
The attacker must therefore rely on indirect clues, such as changes in the application’s behaviour or variations in response times, to exploit the vulnerability.
Kerberoasting is a common attack in Active Directory environments. It is based on a weakness in the Kerberos protocol, but its exploitation requires specific configurations.
In this article, we will explain how a kerberoasting attack works. We will also look at how to identify and exploit a vulnerable environment, as well as methods for protecting against it.
Before discussing techniques and tools, it is essential to define the ‘secrets’ sought during penetration tests.
These secrets are generally private character strings which, if compromised, can be used to access a system, break encryption or forge data useful for authentication. Examples include a username and password pair, API keys, private keys or a session token that is still valid.
Although XML is an old language, it is still widely used, particularly in the banking sector. If you’re a pentester or a developer, you’re likely to come across XML at some point.
This format presents a number of specific vulnerabilities, including XPath injections.
AWS is a prime target for attackers. Its growing popularity and strategic role make it an attractive service.
To limit the risks, it is crucial to put in place robust security measures. Understanding the types of attack and assessing their impact is also essential.
Buffer overflow is one of the oldest and most exploited vulnerabilities. Despite this long history, they remain a major threat today.
Whether on servers or critical applications, the consequences of a buffer overflow can be devastating. In this article, we will explore in detail the principles of buffer overflow and the different types of attack. We will also detail the methods of exploitation, as well as the security best practices to protect against them effectively.
Active Directory (AD) is at the heart of many organisations’ IT infrastructure. It manages authentication, authorisation and access to critical resources within a network.
However, its complexity and importance make it a prime target for attackers. A single vulnerability in an Active Directory can enable an attacker to quickly compromise an organisation’s entire network.
At a time when cyber attacks are increasing in frequency, sophistication and impact, traditional defensive approaches, while necessary, are no longer sufficient.
To effectively protect information systems and anticipate attacks, businesses need to adopt an offensive posture. This proactive approach encompasses practices such as pentests, Red Teaming and Assumed Breach assessments.
