The Windows Registry Adventure #7: Attack surface analysis

Posted by Mateusz Jurczyk, Google Project Zero In the first three blog posts of this series, I sought to outline what the Windows Registry actually is, its role, history, and where to find further information about it. In the subsequent three posts, my goal was to describe in detail how this...

Attack Surface Analysis Part 3: Red and Purple Teaming

Part 3: Red and Purple Teaming This is the third and final installment in our 2021 series around attack surface analysis. In part 1 I offered a description and the value and challenge of vulnerability assessment. Part 2 explored the why and how of conducting penetration testing and gave some tips...

Attack Surface Analysis Part 1: Vulnerability Scanning

In this three-part series, we’ll explore key considerations and strategies for choosing an attack surface analysis strategy, and the ways it can be used to increase awareness of both technical and process-related risks. We’ll start with vulnerability assessment below. BREACH!!! A word you may hea...

MTN Group: Blind SSRF External Interaction on https://mtngbissau.com/

Hii Security Team, I am S Rahul MCEHMetaxone Certified Ethical Hacker and a Security Researcher I just checked your website and found Blind SSRF External Interaction on https://mtngbissau.com/ What is SSRF? Server-side request forgery also known as SSRF is a web security vulnerability that allows...

Windows Sandbox Attack Surface Analysis

Posted by James Forshaw, Quartermaster of Tools Analysing the attack surface of user-mode sandboxed applications is a good way to hunt for elevation of privilege vulnerabilities. Much of the task of enumerating the attack surface could be done manually, but that’s a very tedious and error prone...