Pentest Team @greenhats.com
Discovery of a reflective XSS vulnerability in ARP Guard software (CVE-2023-39575)
Introduction: We recently executed an internal security assessment for a customer. During this engagement we discovered a vulnerability in…
3 min read · Jun 21, 2023

Pentest Team @greenhats.com
Implementing accessed_at to ActiveStorage Blob in Ruby on Rails
Implementing accessed_at in ActiveStorage Blob with Ruby on Rails: Tracking file access and adding authentication for secure downloads…
4 min read · Sep 9, 2023

Pentest Team @greenhats.com
Uptime and Network Monitoring While Pentesting: Ensuring Service Continuity and Early Detection
In the realm of penetration testing, it is essential to maintain an overview of the target environment while conducting simulated attacks…
3 min read · Jul 26, 2023

Pentest Team @greenhats.com
A short white box code audit of avo
We conducted a two-day penetration test on the product “Avo”, which is a Ruby / Ruby on Rails gem for building administrative interfaces…
2 min read · Jun 5, 2023

Pentest Team @greenhats.com
Defeat LAPS with NTLMv1-Relay
In our internal pentests, relay attacks that use the NTLMv1 protocol are still successful (unfortunately). Many older systems cannot be…
3 min read · Oct 13, 2022

Pentest Team @greenhats.com
LDAP Monitor — Live monitoring for changes to LDAP objects
This is once again a classic example of so-called “dual use software”. In our day-to-day pentesting we increasingly use the…
1 min read · Oct 19, 2021

Pentest Team @greenhats.com
Disable advanced EDR solutions by abusing Microsoft signed kernel driver
In our daily research we discovered an awesome project on Github that focused on killing protected processes, especially modern anti…
2 min read · Jul 1, 2021

Pentest Team @greenhats.com
The mobile number and relationship status of the pretty girl from the neighborhood are now available…
Back in 2019, the 533 million private Facebook profile records were, by hackers via a vulnerability in the social network…
2 min read · Apr 6, 2021

Pentest Team @greenhats.com
TryHackMe - envizon
As the creator of the room we want to publish a clean, complete and intended write-up for the community to share a bit of knowledge about…
6 min read · Nov 29, 2020