Pen Test

2018 YEAR IN REVIEW: Open Source Collaboration

Supporting Open Source At MindPoint Group we recognize the value that open source software provides and we work to support...

REST Assured: Penetration Testing REST APIs Using Burp Suite: Part 3 – Reporting

Welcome back to the REST Assured blog series for Part 3: Reporting. While often overlooked by security professionals, compiling reports...

REST Assured: Penetration Testing REST APIs Using Burp Suite: Part 2 – Testing

Welcome back! In part 1 of REST Assured blog series, we discussed the definitions and history behind APIs, and we...

Conducting and Detecting Data Exfiltration

Is your organization taking proactive measures to prevent a data breach?  From 2016 to 2017, the number of data breaches...

CloudFront Hijacking

I recently spent some time exploring the issue of CloudFront domain hijacking. This is not a new issue but I...

Lateral Movement with PSExec

Lateral Movement: An Overview During the early stages of an engagement, penetration testers look to gain a foothold into the...

Stop by Booth 118 @ AWS re:Invent to Learn How We Can Secure Your Cloud

Electronic Voting for the 21st Century

With the election year ahead it behooves us to take a look at the security of our voting systems and...

Privilege Escalation via Group Policy Preferences (GPP)

While this is not a new topic in the penetration testing world by any means [Chris Gates (@carnal0wnage) and others...

Tool Review: Firebind Reflector Walk-Through

I’m providing a walk-through of Firebind to go along with the overview that Joe has provided here. In this scenario,...

Tweet of the Year for 2011: What’s Wrong With Information Security

Last week, I read what I expect to be the most intelligent tweet of 2011.  A member of the OWASP...

Pen Testing Versus Vulnerability Assessments

At the end of the first day of plenary sessions at OWASP App Sec DC 2010, there was a session...