
How Can Random Be Real When Random Isn’t Real?
In this post, we’ll shed some light on insecure PRNG vulnerabilities and walk through a real-world example of how such a vulnerability could be (theoretically) exploited without access to the


June 2023 – We discuss and highlight how we bypassed one of the most heavily used ‘zero trust’ application whitelisting platforms. Their homepage ironically states that they block execution of

May 2023 – In this edition, we highlight how a decommissioned application was not fully removed as expected, allowing us to abuse legacy functionality to compromise an enormous amount of

In April 2023, we completed an internal infrastructure security assessment for a client in the financial sector. What we didn't realise is that this would become our first ‘Fail of

March 2023 – With single sign-on becoming more common during our assessments, we cover one of the vulnerabilities we discovered during an engagement that let us forge SAML responses to

In February 2023, we completed a web application security assessment for a new client within the legal field. What followed was a series of hurdles, followed by jumps and yet

ImageMagick is one of those really powerful libraries that always gets mentioned in regards to anything to do with image processing. Sure enough, it’s a case of doing “apt install”

In December 2022, we completed a web application security assessment for a client who wanted assurance that their newly developed application was ready for production. The application allowed users to

In November 2022, we completed a web application security assessment for a new client within the health / wellbeing sector. We were told through previous discussions that the web application

In October 2022, we completed an internal security assessment for a large tech organisation with clients in the legal industry, focused around the handling of sensitive documents for other companies.