How Penetration Testing Supports DORA Compliance for Financial and ICT Entities
Learn how penetration testing supports DORA (Digital Operational Resilience Act) compliance for financial institutions and ICT providers.
OS Command Injection via ‘lang’ Parameter in Fortinet VPN SSL Interface
During an external penetration test, our team identified a critical OS command injection vulnerability in a Fortinet SSL VPN web interface, reachable through manipulation of the lang (language) parameter.
Cyber Kill Chain’s phases: Understanding the cycle of a cyber attack
Discover the Cyber Kill Chain model, a strategic framework that breaks down cyber attacks into seven key phases. Learn how organizations can detect, prevent, and respond to threats more effectively by understanding each stage, from reconnaissance to actions on objectives.
How to Start a Career in Cybersecurity (Offensive Security Edition)
Discover how to launch a successful career in offensive cybersecurity with this in-depth guide. Learn key fundamentals, certifications, hands-on training, and how to build a standout portfolio in ethical hacking.
How to Use an American Proxy Server for Faster, Smarter Web Access
Discover how using an American proxy server can boost web speed, access U.S.-only content, improve SEO accuracy, and enhance automation performance for digital professionals worldwide.
Critical FortiGate 100F SSL-VPN Vulnerability Exploited
During an external penetration test, our red team identified a critical vulnerability on FortiGate 100F firewall appliances. The issue is CVE-2022-42475 – a heap-based buffer overflow in the FortiOS SSL-VPN service that allows remote, unauthenticated code execution.
XSS Vulnerability in the “Get a Quote” form while bypassing Wordfence and Cloudflare
During an external penetration test, we uncovered a Cross-Site Scripting (XSS) vulnerability in the newly introduced “Get a Quote” form on the client’s website. The weakness allows malicious script injection via user input and was not caught by the existing defenses, including Wordfence and the Cloudflare Web Application Firewall.
Unauthorized LDAP Enumeration Exposes Active Directory for Privilege Escalation
During a penetration testing assessment, we identified a critical weakness in the Active Directory (AD) environment stemming from improper LDAP access controls. Our red team brute-forced a weak administrator password and gained remote access to a Windows server.
Using Favicon for OSINT
When it comes to OSINT, the smallest details often uncover the biggest insights—and the favicon is a perfect example. Whether you’re on the red team or the blue team, understanding favicon hashing will sharpen your discovery techniques, enhance your infrastructure visibility, and help you uncover connections others routinely miss.