https://www.forbes.com/sites/daveywinder/2025/05/14/new-warning---microsoft-copilot-ai-can-access-restricted-passwords/
#cybersecurity #copilot #Sharepoint #password #cracking #pentests
@tessarakt
Correct.
According to the press coverage available to me, the threat (#Threat) has not yet materialized.
By the widespread "VW thinking" (#VW-Denke), this danger (#Gefahr) therefore does not exist.
I have to admit that I only learned real risk management (#RisikoManagement) at one of the competitors from the #Premium segment.
And there, this setup would not have reached the operational readiness index, because the #Pentests would either have been missing or would have failed.
Our #usdHeroLab professionals have uncovered a vulnerability in the online store software #Gambio during their #pentests.
Our analysts discovered a vulnerability in the password reset functionality. Exploiting this vulnerability would enable an attacker to change the password for any account and take over, for example, the administrator account of the application.
The vulnerability was reported to the vendor under the Responsible Disclosure Policy.
👉 More details: https://herolab.usd.de/en/security-advisories/usd-2024-0002/
Our #usdHeroLab analysts examined the #SONIX Technology Webcam during their #pentests.
1️⃣ Vulnerability Type: Incorrect Permission Assignment for Critical Resource (CWE-732)
🚨 Security Risk: High
The vulnerability was reported to the vendor under the Responsible Disclosure Policy.
👉 More details: https://herolab.usd.de/security-advisories/usd-2023-0029/
#Announcement: On Friday, our #usdHeroLab colleagues published a major release of our BurpSuite Plugin #FlowMate: https://github.com/usdAG/FlowMate/releases/tag/v1.1
During BlackHat USA 2023 and DEF CON 31, our colleagues received a lot of helpful feedback on their #tool: The new version 1.1 contains bug fixes and some new features. In our video, Florian Haag explains the advantages and possible use cases in the context of #WebApplication #Pentests: https://www.youtube.com/watch?v=BJhRhGmDATw
#CheckItOut #Security #Pentesting #Hacking #Tools #Community #moresecurity
The #BurpSuite extension #CSTC by @usdAG saved my a** during several web app #pentests.
It allows you to easily transform HTTP requests and responses.
Use it to save time when you would otherwise have to write a bunch of custom code!
Here's everything you need to know about it 👇
#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #Burp