Highly accurate Information Security Testing

Security Blog

Have you configured Nessus to betray you?

Posted: January 30, 2020

Introduction

There is a terrible, yet surprisingly common, Nessus authenticated scanning configuration that could be the bane of your network during a compromise. If used, it is the equivalent of saying, “Welcome to the network! Oh, and here’s the admin password for all our assets!” to every host that appears on your network. Nessus is […]


Leveraging HttpOnly Cookies via XSS Exploitation with XHR Response Chaining

Posted: April 1, 2019

Introduction

In this blog post we will be discussing basic and practical Cross-Site Scripting (XSS) exploitation as well as discussing ways to leverage XSS despite the presence of the HttpOnly attribute on sensitive cookies.

Background

The classic Cross-Site Scripting (XSS) exploit payload uses JavaScript to send the victim’s session cookie to an attack machine. […]


SSRF’s up! Real World Server-Side Request Forgery (SSRF)

Posted: January 21, 2019

In this blog post we’re going to explain what an SSRF attack is, how to test for it, and some basic guidelines on how to fix it.


Product Security Advisory – PSA0002 – dnaLIMS

Posted: March 8, 2017

Shorebreak Security Product Security Advisory

Software: dnaLIMS
Vendor: dnaTools (http://www.dnatools.com/)
Version Tested: Version 4-2015s13
Vulnerability Type: Multiple vulnerabilities
Severity: Critical
CERT/CC VU#: 929263
Date Discovered: Nov 6, 2016
Date Disclosed: Mar 8, 2017

Summary

Shorebreak Security penetration testers discovered seven serious vulnerabilities in the dnaLIMS web application during the course of a blackbox penetration test […]
