Real Life Pentest Scenarios #5 – Forgotten Git Folder to SSH Keys

Target: International Logistic Company
Access Point: External
Test Profile: Anonymous

I decided to spend my weekend with the bug bounty. I would like to talk about one of the vulnerabilities I have identified, which is quite striking. I found a few wildcard records in the scope section. This encouraged me to devote time to the enumeration part. […]

Real Life Pentest Scenarios #4 – From Rabbit to Domain Admin

Target: International Trading Company
Access Point: Internal
Test Profile: Guest

Before Test: The customer said that they had received penetration testing services from different consulting companies a few times and had fixed all vulnerabilities. They just wanted to be sure that they had enough cybersecurity maturity. They also added that there would be no exceptions, no test

Real Life Pentest Scenarios #3 – Hacking an ATM

Target: International Bank
Access Point: Physical
Test Profile: Guest

Before Test: The customer said that they had penetration testing services from different consulting companies a few times and fixed all vulnerabilities; they just want to be sure that they have enough cyber security maturity and that the ATMs are ready to go. They also added that there should

Real Life Pentest Scenarios #2 – Insider Threat

In this post, I would like to talk about a very interesting situation that I encountered years ago in an insider threat simulation project.

Target: International Bank
Access Point: Internal
Test Profile: Guest

Before Test: The customer said that they had penetration testing services from different consulting companies a few times and fixed all vulnerabilities; they just

Real Life Pentest Scenarios #1 – Shortest Way To Domain Admin

I would like to share an incident that I encountered years ago in a penetration testing project, which can give a very good idea about how inconsistent the security maturity and self-confidence of institutions can be. I would also like to remind you that dozens of such events are encountered every year.

Target: International Organization
Access Point:
