EAP-TLS Security: How Attackers Exploit Enterprise Wi-Fi Vulnerabilities
TL;DR – EAP-TLS Wi-Fi Authentication in a Nutshell EAP-TLS provides strong mutual authentication using client/server digital certificates. The process includes …
Penetration Testing
Penetration Testing in Social Housing: My Interview With Housing Technology Magazine
Housing providers hold a significant amount of sensitive personal data — tenant records, financial information, maintenance histories — and increasingly rely on …
ConScan v1.2: Username Disclosure and Brute-Force Added to Concrete5 Scanner
ConScan has been updated. If you’ve been using the Concrete5 black-box scanner since its initial release last October, version 1.2 adds two features that …
ConScan v1.2: Username Disclosure and Brute-Force Added to Concrete5 Scanner
ConScan has been updated. If you’ve been using the Concrete5 black-box scanner since its initial release last October, version 1.2 adds two features that …
ConScan: A Black-Box Vulnerability Scanner for Concrete5 CMS
Web application pentests almost always involve a CMS. WordPress, Drupal, Joomla — the big names have decent tooling. But spend enough time in this space and …
SSL Private Key Password Cracker: A Tool Born From a Real Engagement
Real pentesting doesn’t always look like the tutorials. Sometimes you’re mid-engagement, digging through an exposed directory, and you find …
HTTP Enum: Automated HTTP Enumeration and Web Server Fingerprinting Tool
Web server enumeration is one of those tasks that every pentester does, but almost nobody enjoys doing manually. Checking HTTP methods, looking for enabled …