What is phishing? Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software, such as ransomware, on the…

Target: International Logistic CompanyAccess Point: ExternalTest Profile: Anonymous I decided to spend my weekend with the bug bounty. I would like to talk about one of the vulnerabilities I have identified, which is quite striking. I found a few wildcard…

Target: International Trading CompanyAccess Point: InternalTest Profile: Guest Before Test: The customer said that they had received penetration testing services from different consulting companies a few times and had fixed all vulnerabilities. They just wanted to be sure that they…

Target: International BankAccess Point: PhysicalTest Profile: Guest Before Test: The customer said that they had penetration testing services from different consulting companies a few times and fixed all vulnerabilities; they just want to be sure about they have enough cyber…

In this post, I would like to talk about a very interesting situation that I encountered years ago in an insider threat simulation project. Target: International BankAccess Point: InternalTest Profile: Guest Before Test: The customer said that they had penetration…