In one of the engagements I was assigned an interesting case. The web application was obviously vulnerable to SQL injection, but WAF (web-application firewalls) were blocking any data exfiltration attempts. So the question arose how to get data? But we will start from the beginning. One of the POST search parameters appeared to be vulnerable…
During a penetration test, there may be a scenario where we would like to gain a shell on the system we can execute commands on, however we may not be able to do so because both outbound and inbound ports are blocked. However, we may still gain Reverse Shell connection without using ports at all.…
Hi everyone! I successfully passed eJPT exam a few days ago and would like to share my experience with you. Does eJPT worth it? INE program for preparing for the exam is free, certificate costs only 200$ and includes 2 tries, therefore itβs definitely a good opportunity for a novice to start your hacking journey…
