One of the most common mistake in security audits, pentests or compliance:
Thinking checklists are the ultimate goals or the most detailed checks we need.
In reality, checklists are just the starting point, the bare minimum we should be doing.
PentesterLab 
@PentesterLab@infosec.exchange
mastodon
4.6.0-alpha.7+glitch
We make learning web hacking and security easier. Online systems, code review, videos & courses that can be used to understand, test and exploit bugs!
0
Followers
0
Following
Joined November 05, 2022
Website:
Posts
PentesterLab
@PentesterLab@infosec.exchange
We make learning web hacking and security easier. Online systems, code review, videos & courses that can be used to understand, test and exploit bugs!
infosec.exchange
PentesterLab
@PentesterLab@infosec.exchange
We make learning web hacking and security easier. Online systems, code review, videos & courses that can be used to understand, test and exploit bugs!
infosec.exchange
@PentesterLab@infosec.exchange
·
Feb 17, 2024
1
0
2
PentesterLab
@PentesterLab@infosec.exchange
We make learning web hacking and security easier. Online systems, code review, videos & courses that can be used to understand, test and exploit bugs!
infosec.exchange
PentesterLab
@PentesterLab@infosec.exchange
We make learning web hacking and security easier. Online systems, code review, videos & courses that can be used to understand, test and exploit bugs!
infosec.exchange
@PentesterLab@infosec.exchange
·
Feb 08, 2024
With training budgets shrinking, ensure your team stays ahead of the curve with affordable, top-tier training from PentesterLab 📈💡
https://pentesterlab.com/pro/enterprise
https://pentesterlab.com/pro/enterprise
1
0
1
PentesterLab
@PentesterLab@infosec.exchange
We make learning web hacking and security easier. Online systems, code review, videos & courses that can be used to understand, test and exploit bugs!
infosec.exchange
PentesterLab
@PentesterLab@infosec.exchange
We make learning web hacking and security easier. Online systems, code review, videos & courses that can be used to understand, test and exploit bugs!
infosec.exchange
@PentesterLab@infosec.exchange
·
Dec 18, 2022
Articles worth reading discovered last week:
# CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution
🗞 https://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution/
# Technical challenges with file formats - Speaker Deck
🗞 https://speakerdeck.com/ange/technical-challenges-with-file-formats
# I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS | Spaceraccoon's Blog
🗞 https://spaceraccoon.dev/analyzing-clipboardevent-listeners-stored-xss/
# GitHub - fransr/hot-jar-swapping-urlclassloader: Demo of the URLClassLoader JAR-swapping showing the ability to replace and exploit an already loaded JAR with inner classes
🗞 https://github.com/fransr/hot-jar-swapping-urlclassloader
#PentesterLabWeekly
# CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution
🗞 https://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution/
# Technical challenges with file formats - Speaker Deck
🗞 https://speakerdeck.com/ange/technical-challenges-with-file-formats
# I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS | Spaceraccoon's Blog
🗞 https://spaceraccoon.dev/analyzing-clipboardevent-listeners-stored-xss/
# GitHub - fransr/hot-jar-swapping-urlclassloader: Demo of the URLClassLoader JAR-swapping showing the ability to replace and exploit an already loaded JAR with inner classes
🗞 https://github.com/fransr/hot-jar-swapping-urlclassloader
#PentesterLabWeekly
6
0
5