A step-by-step guide on how I configured Burp Collaborator Server on a typical Debian 9 VPS. The guide explains how to use Let's Encrypt wildcard SSL certificates together with Collaborator
- An high risk vulnerability reported by me and Mathew Nash, affecting Oracle Hyperion Financial Reporting Web Studio - possibly all versions up to 188.8.131.52
- A walk-through to the possible attacks against WEP networks. Although no one uses WEP in 2017, this is the first of three posts that aim to explain the possible attacks against WI-FI networks.
- What can be more exciting than being authorized to test one of the most hyped companies in 2016?
- The JNews component was found to be vulnerable to SQL Injection affecting multiple pages.
- The AcyMailing component was vulnerable to SQL Injection on the export controller. This was another issue discovered by me, Filipe and Vitor while we were looking for low-hanging fruits in the TOP Joomla plugins.
- JEvents component was vulnerable to SQL Injection on new events functionality. This vulnerability was located inside the backoffice.