Ransack Query Injection: Analysis and Exploitation of an ORM Vulnerability Developers often rely on libraries to manage communications with databases. This saves them from having to write raw queries. These libraries generall... 03.02 Applications
What is Pass-the-Hash? Attacks Types and Security Best Practices During our internal penetration tests, we regularly compromise Active Directory without using any passwords. This is possible thanks to an iconic atta... 16.01 Infra & Network
Social Engineering and Red Teaming: Understanding Threats and Defence Strategies Social engineering, especially phishing in all its forms (emails, text messages, phone calls, QR codes, etc.), remains one of the main attack vectors.... 07.01 Phishing & Social Engineering
AD CS Security: Understanding and Exploiting ESC Techniques After presenting the operating principles of Active Directory Certificate Services (AD CS) in a previous article, it is now time to address a more off... 25.09 Infra & Network
