AI-Augmented Series: AI Scripting for Brute-Forcing on a Web App Pentest
On a recent web app pentest, Andrew Trexler used AI to find client-side code that stopped his brute-force attack then used AI again to thwart that code.
-
-
Wireless Series: The Aircrack-ng Suite for All Your Wireless Pentesting Needs
Principal Penetration Tester Scottie Cole continues our wireless series with the Aircrack-ng Suite, a set of tools for wireless pentest discovery and exploits.
-
Reynolds Ransomware BYOVD Eludes EDR Tools
Reynolds poses a new type of threat by including a Bring Your Own Vulnerable Driver (BYOVD) in the ransomware bundle, making it harder for EDR tools to catch.
-
BeyondTrust RCE Vulnerability Exploited: Critical 9.9 CVSS Flaw Under Active Attack
While BeyondTrust patched cloud-hosted Remote Support customers earlier this month, on-premises deployments of BeyondTrust must manually patch to remediate.
-
Bypassing a WAF and a CSP with Google Tag Manager: An Attacker’s Perspective and Remediation Advice
Ryan Chaplin takes an in-depth look at how attackers can use unsafe directives to bypass CSP, notably in Google Tag Manager, and how to remediate the issue.
