Archives: October 2015

Hunter Mindset

Posted on October 16th, 2015

BreakPoint Labs puts a large focus on the “hunter” mindset when approaching offensive and defensive challenges in cybersecurity.  The “hunter” mindset is all about understanding the technology being targeted or defended and thinking beyond the limitations of automated tools to find what others have missed. Whether we are hunting for sophisticated threats, or emulating them […]

XSS Part 3: Exploitation

Posted on October 15th, 2015

In part 1 we introduced XSS, and in part 2 we showed some TTPs for enumerating XSS; part 3 demonstrates how to take advantage of XSS. XSS can lead to full control over an application or system because it provides the attacker the ability to run code in the victim’s browser. This code is […]

Never include() My Input

Posted on October 5th, 2015

This blog post will demonstrate a vulnerability enumerated on a recent penetration test that was missed by automated testing because it was unlinked from the application. In a previous blog post we showed how to enumerate unlinked content using several techniques. In our experience, unlinked resources can be quite interesting because they are more likely […]