Pentest chronicles
In this section we share stories about vulnerabilities found during real-life penetration tests conducted by experienced testers. Check out our approach to testing web, mobile and desktop applications, as well as infrastructure and cloud systems. You'll get a step-by-step view of how we find vulnerabilities and the methods we advice to defend against them. Dive in and see what we've uncovered!
Latest pentest chronicle
Why you shouldn't roll your own cryptography - real-life case in 2023.
MATEUSZ lewczak
August 28, 2023
In the world of IT, a common practice has emerged where cryptography is developed by a group of researchers possessing a strong mathematical background, while developers implement ready-made solutions and ensure that they are up-to-date and meet the best security practices. Taking this into consideration and adding the fact that desktop application testing is often carried out by pentesters who may overlook issues related to encryption or hashing, while focusing on searching for known vulnerabilities, it should be expected ...
READ article
All pentest chronicles
How Private Cache Can Lead to Mass Account Takeover – pentest case
Mateusz Kowalczyk
July 12 2023
In many situations, minor vulnerabilities might seem like small fish in the vast ocean of cybersecurity threats. They’re often marked as low severity and thus, overlooked by developers who assume that the conditions for their exploitation are too complicated to be met. However, in this article, we’re going to challenge that assumption and show you …
READ article
A small oversight with big consequences: how a minor mistake can lead to the compromise of your Domain Controller.
dominik antończak
August 4 2023
Have you ever wondered how much information you can glean about others through observation? In the real world, when we're in public places, we're not always conscious of who's watching us and what information they're gathering about us.
READ article
When Usernames Become Passwords: A Real-World Case Study of Weak Password Practices
michał wnękowicz
June 9, 2022
In today's world, ensuring the security of our accounts is more crucial than ever. Just as keys protect the doors to our homes, passwords serve as the first line of defense for our data and assets. It's easy to assume that technical individuals, such as developers and IT professionals, always use strong, unique passwords to keep their accounts secure. However, this is not always the case; for example, ...
READ article
