Integrating Abuse Case Scenarios to Improve Authorization Testing

In many penetration testing assessments, it is common to encounter applications that support multiple user roles, such as admin, normal user, approver, and others. Consequently, testers are often provided with accounts and credentials for various roles during a grey-box assessment. During a penetration test, the focus is often on identifying technical vulnerabilities such as …

Breaking out of Windows Kiosks using only Microsoft Edge

In this blog post, I will take you through the steps that I performed to get code execution on a Windows kiosk host using ONLY Microsoft Edge. Now, I know that there are many resources out there for breaking out of kiosks and that in general it can be quite easy, but this technique …