#penetration-testing

2d ago · 6 min read · The digital infrastructure of today is scaled, but is it secure enough? As systems become larger in scale, covering cloud environments, APIs, and microservices, so does the attack surface. Since SaaS

Join discussion

SRSatyam Rastogisatyamrastogi.hashnode.dev

0

Basic-Fit Breach: Targeting SaaS Membership Platforms at Scale

3d ago · 8 min read · Originally published on satyamrastogi.com Basic-Fit's 1M member breach reveals systemic weaknesses in SaaS membership platforms. Attack likely leveraged credential compromise or API exploitation targeting customer databases without proper segmentati...

Join discussion

SRSatyam Rastogisatyamrastogi.hashnode.dev

0

PlugX RAT via Fake Claude: DLL Sideloading Supply Chain Attack

4d ago · 7 min read · Originally published on satyamrastogi.com Analysis of PlugX RAT distribution through counterfeit Claude website. Exploitation chain combines DLL sideloading with supply chain targeting. Attack methodology, detection evasion, and hardening strategies...

Join discussion

WBWiktoria Blomgren Strandbergpentesting-dvwa.hashnode.dev

0

Weak Session IDs in DVWA

5d ago · 16 min read · 1 Introduction In this post, the Weak Session IDs vulnerability in the Damn Vulnerable Web Application (DVWA) is described. The objective for attacks on all levels is to work out how the ID is generat

Join discussion

PPentellect.iopentellect.hashnode.dev

0

PlexTrac vs Dradis vs AttackForge: An Honest Comparison for Working Pentesters (2026)

Apr 10 · 12 min read · Choosing a pentest reporting tool should be straightforward. It isn't. Most comparison pages you'll find are written by vendors positioning against each other, or by aggregator sites like G2 and Capte

Join discussion

LVLong Volongvh0904.hashnode.dev

0

HTB Attack Diary — Garfield (Hard, Windows)

Apr 8 · 43 min read · Introduction Garfield is a Hard-rated Windows machine that simulates a realistic Active Directory environment with a primary Domain Controller (DC01) and a Read-Only Domain Controller (RODC01). You're

Join discussion

AKAkbar Khanakbarkhan.hashnode.dev

0

How I Set Up a Complete Phishing Simulation Lab Using GoPhish, AWS EC2 & Namecheap — A Step-by-Step Technical Guide

Apr 6 · 8 min read · A real-world authorized engagement breakdown covering DNS, GoPhish configuration, SSL setup, and email deliverability — written for IT and security professionals. ⚠️ Disclaimer This engagement was per

Join discussion

PPentellect.iopentellect.hashnode.dev

0

Using AI to Write Pentest Reports: What Works, What Doesn't (Tested)

Apr 7 · 12 min read · There's a lot of noise right now about AI and penetration testing. Most of it is vendor marketing: "AI-powered," "intelligent automation," "next-generation." Almost none of it answers the practical qu

Join discussion

WWiz-Zerobugmithresearch.hashnode.dev

0

From android reverse engineering to identifying secrets, broken access control and API vulnerabilities:

Apr 1 · 7 min read · A Mobile APK Vulnerability Chain in a private program: Client: redacted Method: Static analysis Severity: High to critical Findings: 5 Executive Summary: This write-up details a multi-stage vulnerabil

Join discussion

GGitHubOpenSourcegithub-open-source.hashnode.dev

0

Unmasking Digital Footprints: Why theHarvester is Your Reconnaissance Supertool!

Mar 29 · 3 min read · 📝 Quick Summary: theHarvester is a Python-based OSINT tool designed for the reconnaissance phase of security assessments. It efficiently gathers emails, subdomains, hostnames, and other external information related to a domain by querying numerous p...

Join discussion

Tag feed

#penetration-testing

Tag feed

#penetration-testing

Trending tags this week

How Penetration Testing Services Secure Scalable Digital Infrastructure

Basic-Fit Breach: Targeting SaaS Membership Platforms at Scale

PlugX RAT via Fake Claude: DLL Sideloading Supply Chain Attack

Weak Session IDs in DVWA

PlexTrac vs Dradis vs AttackForge: An Honest Comparison for Working Pentesters (2026)

HTB Attack Diary — Garfield (Hard, Windows)

How I Set Up a Complete Phishing Simulation Lab Using GoPhish, AWS EC2 & Namecheap — A Step-by-Step Technical Guide

Using AI to Write Pentest Reports: What Works, What Doesn't (Tested)

From android reverse engineering to identifying secrets, broken access control and API vulnerabilities:

Unmasking Digital Footprints: Why theHarvester is Your Reconnaissance Supertool!

#penetration-testing

Search Hashnode

#penetration-testing

Trending tags this week

How Penetration Testing Services Secure Scalable Digital Infrastructure

Basic-Fit Breach: Targeting SaaS Membership Platforms at Scale

PlugX RAT via Fake Claude: DLL Sideloading Supply Chain Attack

Weak Session IDs in DVWA

PlexTrac vs Dradis vs AttackForge: An Honest Comparison for Working Pentesters (2026)

HTB Attack Diary — Garfield (Hard, Windows)

How I Set Up a Complete Phishing Simulation Lab Using GoPhish, AWS EC2 & Namecheap — A Step-by-Step Technical Guide

Using AI to Write Pentest Reports: What Works, What Doesn't (Tested)

From android reverse engineering to identifying secrets, broken access control and API vulnerabilities:

Unmasking Digital Footprints: Why theHarvester is Your Reconnaissance Supertool!