Any system that is used to share files across a network can be incredibly valuable to a penetration tester. From finding usernames and passwords, to identifying configuration files that give insight into device configuration, file sharing protocols are potential...
During a penetration test, it is possible to come across networks that you know exist but just can’t reach directly. When that happens, testers need a way to pivot into these networks and keep the assessment moving. In these situations, it is important to...
When someone types a website address into their browser, they probably don’t think about what happens in the background. But for a pentester, understanding that process is key. DNS (Domain Name System) is what makes the internet usable. Instead of remembering IP...
Let’s break down what SQL injection is, how attackers use it to access data, and why it’s still a major issue, despite being one of the oldest vulnerabilities around. First things first, what is SQL injection? At its simplest, SQL injection is a way for attackers to...
An A-Z of pentesting terms and abbreviations – Part 2 In this blog post, we continue our A-Z glossary of common pentesting abbreviations, acronyms and terms, from N-Z. Get ready for the likes of OSINT, RFI, YubiKeys and more. And don’t forget, you can catch up...
