Skip to main content

Pentest Chronicles

If you’re interested in the world of cybersecurity, the related technical issues, and what’s challenging right now, you’re in the right place! This part talks about IT security more broadly and has the latest information, tips, and advice.
Illustration of Pentest Chronicles

Latest insight

Illustration of One-Time-Pwn: Unauthenticated account takeover via One-Time Password

One-Time-Pwn: Unauthenticated account takeover via One-Time Password

Maksym Hensitskyi

Security features are meant to strengthen authentication, but sometimes they do the opposite. Due to a logic flaw, the mechanism intended to enhance security instead functions as a backdoor. As a result, an attacker could compromise any registered account in the application simply by knowing its email address. The web application implemented several security measures to protect its OTP-based authentication flow. Each OTP was a uniformly random 6‑digit code, and users were limited to three OTP verification attempts per code. After the third incorrect attempt, a new OTP had to be requested. Additionally, new OTP requests were throttled, enforcing a one‑minute cooldown before another code could be issued. In theory, this combination of rate limiting and cooldown logic was meant to prevent brute‑force attacks.

READ article

Other articles

Illustration of Accessing Internal Network by WiFi Hacking - 2024 Pentest Case

Accessing Internal Network by WiFi Hacking - 2024 Pentest Case

Aleksander Wojdyła

During the last penetration test, I performed an Evil Twin attack, which involves setting up a fake access point with the same name as the legitimate one. Due to improper configuration of endpoint devices (e.g., computers, phones, tablets), users could accept an incorrect (fake, generated by the auditor) certificate identifying the network. This led to a successful capture of the authentication segment of the communication. Subsequently, the auditor subjected the captured data to brute-force attacks, resulting in the retrieval of credentials.

READ article
Illustration of From SOQL Query to Data Breach - Lessons from a Real-World Pentest

From SOQL Query to Data Breach - Lessons from a Real-World Pentest

Adam Borczyk

During one of security audits of a web application, I uncovered an interesting vulnerability: the exposure of an endpoint that allows users to perform arbitrary Salesforce Object Query Language (SOQL) queries. Such functionality, when available to unauthorized users or misconfigured, poses significant security risk, especially if Row-Level Security (RLS) permissions are not properly set. In this article I will analyze technical aspects of this vulnerability, the potential risks, and steps to mitigate such issues.

READ article
Illustration of Bypassing Host Validation: Real Pentest Case of Sensitive Data Exposure

Bypassing Host Validation: Real Pentest Case of Sensitive Data Exposure

MATEUSZ Kowalczyk

During one of penetration tests, I discovered a vulnerability that allowed us to bypass a host whitelist, leading to the exposure of sensitive data. This behavior could let attackers to exfiltrate sensitive information, such as password reset tokens, to external hosts they control. The severity of this vulnerability is significant, as it opens up further attack vectors that could potentially compromise the application and its users.

READ article
Illustration of Hacking IBM AS/400 in 2024: QShell and Remote Code Execution

Hacking IBM AS/400 in 2024: QShell and Remote Code Execution

MATEUSZ Kowalczyk

A few months ago, one of our clients commissioned us to audit a customer service application that continued to use the IBM AS400 environment. These days, an emulator is needed to connect to this application. An AS/400 emulator is software designed to emulate the functionality of an AS/400 system on a different platform, such as a modern desktop or server computer. These emulators enable users to access and interact with AS/400 applications and resources without the need for physical AS/400 hardware.

READ article
Illustration of Heartbleed Vulnerability in 2024: A Fresh Case from Our Pentest

Heartbleed Vulnerability in 2024: A Fresh Case from Our Pentest

Paweł Różański

During a recent security audit, vulnerability known as The Heartbleed Bug was discovered on two publicly accessible servers. What is interesting it is a fact that this vulnerability was discovered 10 years ago! It allows an attacker to access data directly from the memory of vulnerable systems. In fact, it enables the extraction of sensitive information, including credentials, without any pre-existing access or authentication requirements.

READ article
Illustration of How NOT to store data in a desktop application?

How NOT to store data in a desktop application?

Mateusz Lewczak

Due to their offline nature, desktop applications often struggle with storing sensitive data in a secure way. Many developers mistakenly believe that compiling an application automatically secures the data within it. This approach is especially common in applications written in languages that are easy to decompile, like for example .NET. However, the truth is that no matter what technology is used, various techniques can still be used to access unprotected confidential information, which can lead to major security breaches. In this article, we'll take a look at some common methods that can be used to access supposedly secure information from desktop applications. We will also discuss the potential impacts of these vulnerabilities.

READ article
A professional cybersecurity consultant ready to assist with your inquiry.

Any questions?

Happy to get a call or email
and help!

Contact Us