Every three to four years, OWASP releases a new version of arguably its most famous project, the “OWASP Top Ten”. Originally started in 2003, this list serves as an awareness document to highlight the 10 most prevalent issues for web applications. The newest release marks the eighth iteration and has once again undergone a few … Continue reading OWASP Top 10 2025 – A Pentester’s Perspective
IntroductionPurpose of the blogpostWhat is Labshock?What Will We Do?Setting Up the Virtual Oil PlantCreate Your EnvironmentInstall LabshockDockerDownload & build LabshockStarting LabshockConducting the HackStep 1: ReconnaissanceStep 2: Explore the PLC & SCADAStep 3: Find the correct IPStep 4: Interact with Modbus (Read Data)ModbusCoils & RegistersPump 1 & 2Step 5: Hack the Pumps (Write Data)Hack the pump … Continue reading Refinery raid
In today's digital landscape, Remote Management and Monitoring (RMM) tools have become indispensable for organizations seeking to streamline IT operations, enhance productivity, and ensure seamless remote support. However, within our threat hunting and incident response engagements we often see that these tools, while beneficial, can also pose significant security risks if not properly managed. This … Continue reading Hunting for Remote Management Tools
Yesterday, unexpectedly, my personal Google account suggested using Passkeys for login. This is amazing, as Passkeys is the game-changer for cyber security because it could imply the solution to one of the biggest headaches in cyber security: password use. The problem with passwords. For decades, we have struggled with passwords as an authentication tool. They … Continue reading The End of Passwords? Embrace the Future with Passkeys.
Summary This blogpost covers a Capture The Flag challenge that was part of the 2024 picoCTF event that lasted until Tuesday 26/03/2024. With a team from NVISO, we decided to participate and tackle as many challenges as we could, resulting in a rewarding 130th place in the global scoreboard. I decided to try and focus … Continue reading Format String Exploitation: A Hands-On Exploration for Linux
In this blog post, we will go over a technique called Google Dorking and demonstrate how it can be utilized to uncover severe security vulnerabilities in web applications hosted right here in Belgium, where NVISO was founded. The inspiration for this security research arose from the observation that many large organizations have fallen victim to … Continue reading Is the Google search bar enough to hack Belgian companies?
