News
23 February 2023
Top 10 Pentesting Tools Every Ethical Hacker Should Know
Whether you’re probing a web app or mapping out a cloud environment, the right tool makes all the difference. These are our top 10 pentesting picks that help turn theory into (ethical) action.
14 December 2021
CVE-2021-44228: Why Log4Shell Is Still a Critical Threat
Log4Shell (CVE-2021-44228) is one of the most severe and widespread vulnerabilities in recent memory. This article unpacks the threat, the reasons for its rapid spread, and what every security team needs to know.
29 September 2021
Obfuscated Apps Waste Time. Here’s How to Pentest Smarter
Mobile applications: Why they should always be tested on a build without obfuscation, SSL pinning, and root/jb detection.
1 June 2020
Full infrastructure takeover of VMware Cloud Director (CVE-2020-3956)
How a single simple form submission can be manipulated to gain control of any Virtual Machine (VM) within VMware Cloud Director. The story of a critical vulnerability that enables a full infrastructure takeover.
4 June 2019
Security Practices in Web Application Development - OWASP TOP 10
Is there 100% error free software? Is there 100% secure software? The answer to both questions is NO, but don't panic.
24 May 2019
Intigriti XSS challenge write-up
Intigriti published a DOM XSS Challenge available at Intigriti’s bug bounty platform. The assignment was to exploit a DOM XSS vulnerability on this page and to trigger a pop up of the document.domain (challenge.intigriti.io).