Security Blog

Feature development & monitoring tips

Author: Josh Hickling

Josh is one of Pentest People's Web Application testers. He comes from a university background and is heavily interested in the ethical hacking world.

June 17, 2020

So, what is DOM XSS?

Cross Site Scripting (XSS) is one of the most well covered web application issues around; however, it is surprising how few people truly understand the concept of DOM-based vectors. This blog aims to clear up that confusion, discussing the difference between traditional and DOM-based XSS.

February 17, 2020

PHP Deserialisation/Object Injection

PHP Deserialization vulnerabilities are rarely seen on Greybox application assessments; however, they should not be overlooked. This blog will look at PHP Deserialization/Object Injection, covering how these vulnerabilities can be spotted and the exploit code required to read local files.

January 10, 2020

Masquerade, cracking hashes with known formats

As a penetration tester, cracking hashes can be a great post-exploitation activity, both for the fun and for the value to a client, providing a great way of showing the severity of an issue (but mostly for the fun). In this blog I’ll take an in-depth look at cracking hashes with known formats.
