
Insights

If you're interested in the world of cybersecurity, the related technical issues, and what's challenging right now, you're in the right place! This part talks about IT security more broadly and has the latest information, tips, and advice.

Latest insight

Security Mechanisms vs. Application Logic: Conclusions from Mobile App Penetration Tests

Martin Matyja

31 October 2024

Introduction: In our daily work, we often come across mobile applications, primarily for Android and iOS platforms. This article describes an example that demonstrates how popular security mechanisms should not replace essential application logic.


Featured articles

Two new CVEs: FooGallery's WordPress plugin

Robert Kruczek

05 July 2024

During some happy hunting, I found two XSS vulnerabilities in the FooGallery WordPress plugin (version 2.4.14), which made 50k instances vulnerable on the day of discovery! These can allow attackers to execute malicious code and gain unauthorized access to administrative functionalities. Below is a detailed explanation of these vulnerabilities and how they can be exploited.


XSS in WordPress via open embed auto discovery

Jakub Żoczek

29 May 2023

Introduction: Users often assume that known software is free of security flaws because it has been checked by a sufficient number of tools and security testers. However, this is not an assumption that a pentester or bug hunter can afford to make. Vulnerabilities may lurk in various places, and finding an interesting bug often requires …


Other articles

Crafting Malicious Software for Penetration Testers: A Guide from Novice to Pro

Dominik Antończak

26 August 2024

Sunday evening, you are preparing an email message for several company employees. Everything is polished, and the message is clear and convincing. The email includes a link to a server hosting malware that aligns perfectly with the company profile. The phishing campaign is about to begin. Before it does, you check everything again and say to yourself, "Perfect." Just after that, you run the program that sends your phishing emails. The next day, around 8:30 – 9:00, you check the logs and see that 3/4 of the targeted employees have downloaded the hosted malware, so probably at least half of them ran it. It's time to check the C2 (Command and Control server) for any beacons, but for some reason, there are none. What happened, you wonder? Thoughts start to appear.


How to access data secured with BitLocker? Do a system update

Krzysztof Bierówka

12 January 2023

Do you suffer from an eternal lack of time for system updates? Finally managed to find a moment to install them, but didn’t finish the whole process because you had to run out of the office? Is your data safe? Read this article to find out. As always in the IT world, it is difficult …


How a simple lack of SMS code verification can compromise financial security

Securitum

19 April 2024

During audits, it's crucial to check all possible attack vectors, even the seemingly obvious functionalities. This diligence led us to discover, during one of our web application audits, that the server does not verify the correctness of the SMS code used by applicants during the credit request process, either at the start or at the final document signing stage. In short: a credit application without any verification.


Multiple Benefits from a Single Action: The Dangers of Race Conditions in Your Application!

Adam Borczyk

19 April 2024

When multiple application threads work on the same data concurrently, there is a risk of data inconsistency or data collisions. Database engineers have tackled this problem since the early days of database engines by introducing “atomic” transactions. However, web applications remain vulnerable to an attack known as a “race condition”.


Having trouble during your pentest? Could an LLM come to your rescue?

Maciej Kisielewicz

5 April 2024

Abstract: In this article we will discover whether an LLM can actually deliver value as a pentest assistant or a standalone hacking agent. Introduction: With the AI revolution taking place, it’s no wonder that penetration testers are also taking notice and employing LLM agents to help with their daily tasks. Today, we will embark on a journey of doing just that. I have created 6 completely different scenarios in order to get definitive answers on the efficiency of this solution.


New Year, Fresh Vulnerabilities: Unmasking Hidden Threats in Web Applications

Marek Rzepecki

5 January 2024

Security flaws, sometimes overlooked as minor ones, can escalate into significant risks for entire applications. Our recent penetration test identified a critical vulnerability enabling potential account takeover at the administrative level. This write-up highlights the essential need for comprehensive security measures throughout the application development process.


Artificial Intelligence-Assisted Fuzzing: New Horizons in Software Security Testing

Tomasz Turba

15 December 2023

Cybersecurity is evolving with every new technology, so penetration testers feel the need for more advanced methods and tools. One such emerging trend is Artificial Intelligence (AI)-assisted fuzzing, an approach that merges traditional fuzzing approaches with the innovative capabilities of AI. This article delves into the concept of fuzzing, its enhancement through AI, and the potential future directions of this synergy.


Hacking the invisible: A deep dive into Sub-GHz communication and flaws in the devices we use every day

Mateusz Kowalczyk

8 December 2023

In our modern world, remote control technology is an ever-present part of daily life. This includes everything from the key fobs in our pockets to the remote controls on our coffee tables. But what lies behind the magic of these devices? In this article, we delve into the world of Sub-GHz communication, a technology used in remote control systems, particularly those for controlling entrance gates or garage doors.


Mobile Device Security in today's enterprise landscape: A comprehensive approach

Michał Wnękowicz

24 November 2023

The evolving challenge: At a time when mobile devices are commonplace in corporate environments, concerns about their security have increased. For both corporate and Bring Your Own Device (BYOD) devices, the challenge of maintaining strong security is significant. What's more, as mobile applications become more sophisticated, their potential security vulnerabilities are becoming a concern for cybersecurity teams.


The risks of over-logging: a case study on application takeover

Securitum

15 November 2023

Logs are often seen as a wall of text, filled with information that seems unimportant until a significant problem arises. Yet, have you ever thought about the security risks hidden within those walls of text, particularly when they include sensitive details like usernames and passwords? It’s a common belief that only trustworthy individuals, such as administrators, access these logs, but failing to consider the potential security implications can be a dangerous oversight. Today, we explore a case where logging seemingly non-sensitive data inadvertently led to a complete application takeover by a user with limited group privileges.


Attacking Artificial Intelligence - 3 common ways

Tomasz Turba

27 October 2023

Large Language Models (LLMs) like ChatGPT, Bing and Bard can be attacked by threat actors. These AI systems could be vulnerable to attacks in which threat actors manipulate the prompt in order to alter the model's behavior to serve a malicious purpose. As AI components are further integrated into society's critical systems, their potential vulnerabilities could significantly impact the security of both companies and entire countries.


How Private Cache Can Lead to Mass Account Takeover – pentest case

Mateusz Kowalczyk

12 July 2023

In many situations, minor vulnerabilities might seem like small fish in the vast ocean of cybersecurity threats. They’re often marked as low severity and thus, overlooked by developers who assume that the conditions for their exploitation are too complicated to be met. However, in this article, we’re going to challenge that assumption and show you …


SOCMINT – or rather OSINT of social media

Tomasz Turba

October 28, 2022

SOCMINT is the process of gathering and analyzing information collected from various social networks, channels and communication groups in order to track down a target, gather as much partial data as possible, and potentially understand how it operates. All this in order to analyze the collected information and to achieve that goal by making …


PyScript – or rather Python in your browser + what can be done with it?

Michał Bentkowski

October 28, 2022

A few days ago, the Anaconda project announced the PyScript framework, which allows Python code to be executed directly in the browser. Additionally, it also covers integration with HTML and JS code. An execution of the Python code in …


Windows security: reconnaissance of Active Directory environment with BloodHound - part 2.

Dawid Farbaniec

August 19, 2022

Collecting information about the domain environment with SharpHound: SharpHound, a program that collects domain environment data, is a component of the BloodHound tool. The collection of environment data starts when SharpHound.exe is run on one of the computers. ...


Windows security: reconnaissance of Active Directory environment with BloodHound - part 1.

Dawid Farbaniec

July 2, 2022

In this article we will take a closer look at the BloodHound tool – Six Degrees of Domain Admin. The application was developed in JavaScript and built using the Electron platform. The graphical visualization uses the Neo4j database. During the experiment, we will use a Windows …


Windows security – what is LSASS dump. How to protect against it? Part 1.

Dawid Farbaniec

June 9, 2022

The ability of Advanced Persistent Threat (APT) groups and other threat actors to take a dump of Windows credentials is a serious threat, especially to enterprises and other organizations. The MITRE ATT&CK knowledge base, which is created primarily to support defense against cyber …


fail2ban – Remote Code Execution

Jakub Żoczek

April 4, 2022

In this article we will discuss a recently published vulnerability in the quite popular fail2ban software (CVE-2021-32749). Under the right conditions, this bug could be exploited to achieve code execution with root privileges. Luckily, it is difficult for a “normal” attacker to achieve. This vulnerability is rooted in the way the mail command from the …


Is running legacy software with no publicly known exploits safe?

Krzysztof Bierówka

15 May 2023

There is a lot of legacy software running all over the network. This is an excellent example of technical debt. And debt means that we are borrowing. We borrow time before compromise. It’s quite easy to identify that some software or system is outdated and no longer supported. Yet, it seems that no one …


Comparison of reverse image searching in popular search engines [OSINT hints]

Krzysztof Wosiński

August 11, 2021

A little experiment – a comparison of Google, Bing and Yandex in terms of reverse image search. Guest post by Krzysztof Wosiński.


Helping secure DOMPurify

Michał Bentkowski

December 21, 2020

In this blog post I share my experience with helping secure DOMPurify and trying to kill an entire class of bypasses.


Mutation XSS via namespace confusion – DOMPurify

Michał Bentkowski

September 21, 2020

In this blog post I’ll explain my recent bypass in DOMPurify – the popular HTML sanitizer library. In a nutshell, DOMPurify’s job is to take an untrusted HTML snippet, supposedly coming from an end user, and remove all elements and attributes that can lead to Cross-Site Scripting (XSS). This is the bypass: Believe me that there’s not …


Prototype pollution – and bypassing client-side HTML sanitizers

Michał Bentkowski

August 18, 2020

In this article I’ll cover the prototype pollution vulnerability and show how it can be used to bypass client-side HTML sanitizers. I’m also considering various ways to find exploitable prototype pollution via semi-automatic methods. It could also be a big help in solving my XSS challenge. Prototype pollution basics: Prototype pollution is a security vulnerability, …


HTML sanitization bypass in Ruby Sanitize

Michał Bentkowski

July 22, 2020

On Jun 16, 2020 a security advisory for the Ruby Sanitize library was released about an issue that could lead to a complete bypass of the library in its RELAXED config. I found this bug during a penetration test conducted by Securitum, and in this post I’ll explain how I came up with the idea of …


Marginwidth/marginheight – the unexpected cross-origin communication channel

Michał Bentkowski

July 13, 2020

On 6th July 2020 I announced an XSS challenge on my Twitter. So far only four people have been able to solve it, and every single one of them told me that they had never heard about the quirk used in the challenge before. So here’s a writeup explaining this quirk along with some backstory. The …


Art of bug bounty: a way from JS file analysis to XSS

Jakub Żoczek

July 1, 2020

Summary: During my research on another bug bounty program I found a Cross-Site Scripting vulnerability in the cmp3p.js file, which allows an attacker to execute arbitrary JavaScript code in the context of any domain that includes the mentioned script. Below you can find the way of finding bug bounty vulnerabilities.


Protecting against social engineering-based attacks – an introduction

Krzysztof Wosiński

January 27, 2020

When designing or analyzing the security of IT systems, an important point to take into account, aside from the wide range of digital security solutions, is that one of the key elements of each and every system is its interaction with the user.
