Application Security Testing of the SAML protocol guidelines. INTRODUCTION The article describes the Application Security Testing of the SAML. The advice in this article is based on the following: OWASP Web Security Testing Guide OWASP Application Security Verification Standard NIST recommendations Bug bounty reports Portswigger Academy Own experience. TOOLING Constantly update the…

Setting up the environment for testing and crimson_recon explanation. INTRODUCTION It has been a couple of months since the last article about the automatization of Web Application Penetration Testing. From that moment, Crimson had grown up from those few code snippets described in previous articles, and if you are a kind…

How to fool the Microsoft Defender and other anti-virus systems. INTRODUCTION During the Penetration Testing, if you come across a Windows OS, in most cases it will be protected at least by the basic anti-virus system called "Microsoft Defender". …

Solution of common pivoting problems during a Penetration Test — INTRODUCTION During penetration testing, you may encounter the scenario when you want to be able to pivot through one of the compromised hosts to gain access to other systems in the internal network and continue testing. …

Buffer overflow and shell coding [x32] — This walkthrough refers to the methodology described here. It will be: concise, straight to the point. without the steps that lead to the rabbit hole. 0. Download the binary:

Article about — how to prepare for the WEB-300 course and OSWE exam. INTRODUCTION This article is a short guide on preparation for the WEB-300 course and the OSWE exam. There are links to blogs, tools, other courses, exercises, and all kinds of sources I used for my preparations. WEB 300 — DESCRIPTION To make…

Application Security Testing of the OAuth protocol guidelines. INTRODUCTION The article describes the Application Security Testing of the OAuth. The advice in this article is based on the following: OWASP Web Security Testing Guide OWASP Application Security Verification Standard NIST recommendations Bug bounty reports Portswigger Academy Own experience. TOOLING Constantly update the…

TIPS that can help complete the AWS fortress. INTRODUCTION This article is not a write-up. You will not find there any flags or copy-paste solutions. Instead, there are plenty of reference links and commands that I found helpful in the process of passing the AWS fortress. SERVICES DISCOVERY Always enumerate every IP address…

Application Security Testing of the JWT guidelines. INTRODUCTION The article describes the Application Security Testing of JSON Web Tokens. The advice in this article is based on the following: OWASP Web Security Testing Guide OWASP Application Security Verification Standard NIST recommendations Bug bounty reports Portswigger Academy Own experience. I will provide…