Setting up the environment for testing and crimson_recon explanation. INTRODUCTION It has been a couple of months since the last article about the automatization of Web Application Penetration Testing. …

How to fool the Microsoft Defender and other anti-virus systems. INTRODUCTION During the Penetration Testing, if you come across a Windows OS, in most cases it will be protected at least by the basic anti-virus system called "Microsoft Defender". …

Solution of common pivoting problems during a Penetration Test — INTRODUCTION During penetration testing, you may encounter the scenario when you want to be able to pivot through one of the compromised hosts to gain access to other systems in the internal network and continue testing. …

Methodology for Input Validation Testing in web applications. INTRODUCTION The article describes the methodology for Input Validation Testing in web applications in the various application fields. This article will be a general introduction to input validation testing, the next ones will describe specific vulnerabilities, e.g.,. XSS, SQLi. The advice in this…

Buffer overflow and shell coding [x32] — This walkthrough refers to the methodology described here. It will be: concise, straight to the point. without the steps that lead to the rabbit hole. 0. Download the binary:

Article about — how to prepare for the WEB-300 course and OSWE exam. INTRODUCTION This article is a short guide on preparation for the WEB-300 course and the OSWE exam. There are links to blogs, tools, other courses, exercises, and all kinds of sources I used for my preparations. WEB 300 — DESCRIPTION To make…

CSP default-src ‘self’ — bypass using the error page. INTRODUCTION During one of the penetration tests, I managed to chain three application issues that finally enabled the execution of the Stored XSS vulnerability. The vulnerability combines three flaws in the application: Unrestricted file upload. Misconfigured Content Security Policy. Application error response…

Application Security Testing of the SAML protocol guidelines. INTRODUCTION The article describes the Application Security Testing of the SAML. The advice in this article is based on the following: OWASP Web Security Testing Guide OWASP Application Security Verification Standard NIST recommendations Bug bounty reports Portswigger Academy Own experience. TOOLING Constantly update the…

Application Security Testing of the OAuth protocol guidelines. INTRODUCTION The article describes the Application Security Testing of the OAuth. The advice in this article is based on the following: OWASP Web Security Testing Guide OWASP Application Security Verification Standard NIST recommendations Bug bounty reports Portswigger Academy Own experience. TOOLING Constantly update the…