WEBINAR
GigaOm Radar Report for PTaaS: How to Make a Smarter Investment in Pentesting
WEBINAR
GigaOm Radar Report for PTaaS: How to Make a Smarter Investment in Pentesting

Pentester Guides (3)

See all content

Mass Assignment & APIs - Exploitation in the Wild

APIs have become an integral part of many applications, with REST APIs being a popular choice for implementation. However, this popularity has led to security risks, with OWASP API Top 10 identifying vulnerabilities commonly found in APIs, including mass assignment. Harsh Bothra writes about this in his latest blog.
Cobalt Core Pentester Guides API Pentesting
May 1, 2023
Est Read Time: 6 min
Read more

Exploiting Buffer Overflow Vulnerabilities: A Step-by-Step Guide (Part 2)

Buffer overflow vulnerability happens when data written to a buffer exceeds its size, which may overwrite important data or execute malicious code. Attackers can exploit these vulnerabilities to gain unauthorized access, execute malicious code, or steal sensitive data. This blog will provide an overview of buffer overflow exploitation, including its causes, consequences, and the methods attackers use to exploit it. It's important to understand the basics before diving into exploitation and steps of buffer overflow.
Cobalt Core Pentester Guides
Apr 24, 2023
Est Read Time: 18 min
Read more

A Pentester’s Guide to Dependency Confusion Attacks

This blog post discusses the concept of "Dependency Confusion" in software development, where malicious code is injected into third-party dependencies, such as libraries or frameworks, that applications use.
Cobalt Core Pentester Guides
Apr 17, 2023
Est Read Time: 7 min
Read more

CSRF & Bypasses

This article discusses Cross-Site Request Forgery (CSRF) attacks, a web security vulnerability where an attacker tricks an authenticated website user into performing an unwanted action, such as transferring funds or changing their email address, by exploiting the user's browser cookies. The article explains how CSRF attacks work and how attackers can bypass CSRF token validation to exploit vulnerabilities in web applications. It also discusses several techniques that can be used to bypass CSRF defense, including removing the referer header, bypassing the regex, and using different Content-Type values.
Cobalt Core Pentester Guides
Apr 10, 2023
Est Read Time: 8 min
Read more

Overflow Vulnerabilities

Overflow vulnerabilities occur when a program or system accepts more data than it can handle, leading to memory corruption and potentially allowing attackers to execute malicious code. Core Pentester Ninad Mathpati writes about these types of vulnerabilities and how to prevent them.
Pentester Guides
Apr 3, 2023
Est Read Time: 14 min
Read more
A Penetration Tester's Guide To Web Applications cover image

A Penetration Tester's Guide To Web Applications

Cybersecurity teams constantly need to adapt and protect networks against new vulnerabilities and maintain their...
Pentester Guides Web Application Pentesting
Mar 29, 2023
Est Read Time: 5 min
Read more

10 Steps to Secure Your Azure Cloud Environment

The blog discusses ten essential steps to secure your Azure cloud environment, ranging from access management to network security. It emphasizes the use of Azure CLI to implement these best practices and safeguard against potential security threats. The steps include multifactor authentication, compliance standards, encryption, backups, and disaster recovery plans, among others.
Pentester Guides Cloud Security
Mar 29, 2023
Est Read Time: 11 min
Read more

OAuth Vulnerabilites Pt. 2

OAuth is a widely-used protocol that enables users to authorize third-party applications to access their data from other services, such as social media or cloud storage. However, like any technology, OAuth is not immune to vulnerabilities. This is Pt. 2 of a two-part series by Core Pentester Shubham Chaskar.
Cobalt Core Pentester Guides
Mar 20, 2023
Est Read Time: 10 min
Read more

Active Directory Series: Active Directory Fundamentals

Active Directory is a Microsoft service that provides centralized management of user accounts, devices, and access to resources in a networked environment. It allows IT professionals to create and manage users, groups, computers, and other resources on a network, and control access to those resources based on policies and permissions.
Cobalt Core Pentester Guides
Mar 13, 2023
Est Read Time: 12 min
Read more
    1 2 3 4 5