Articles

Bramfitt Technology Labs is excited to announce that we are now accredited to deliver CREST penetration tests globally, having passed CREST’s extensive selection process. “We have been delivering quality penetration tests for over 5 years now and achieving the CREST accreditation demonstrates our hard work, ability...

In the previous post we gave an introduction to Server-Side Request Forgery (SSRF) which included some examples. In this post there will be a demo to show how it works. Firstly, we have the following code. This code, written in PHP, acts as the external URL...

This week's post will be a quick update on the SameSite cookie change which Google proposed to make to its Chrome browser at the beginning of this year. These changes were related to an ongoing plan to improve security and privacy. The two original posts explaining...

In this week's post, we'll be doing an introduction to SSRF or Server-Side Request Forgery. SSRF is an attack that abuses the functionality of an application to make controlled requests which are not directly accessible. For example, if the following existed http://example.com/page.php?url= you might first realise that...

In a previous post regarding subdomain takeovers the term was explained, and in a subsequent post there was a demo showing it in action. Although it is quite a severe issue and companies have been affected, these generally haven't been a subject on news-related sites. However, recently...

A typosquatting attack involves the attacker creating a library title that is intentionally mistyped, so it differs from the original correct one. Once completed, it’s a waiting game for potential victims to accidentally misspell or type a library name and end up with one that...

In this second part there will be a demonstration of a subdomain takeover in action, using the example from the previous post. Firstly, we need to create the server instance that will be utilised throughout this example: From here we link to this server instance with...

In a previous post we briefly touched upon subdomain takeovers. So, here we will be discussing this in more detail. In summary, a subdomain takeover is a vulnerability which occurs when there is some sort of misconfiguration (generally...

In this slightly shorter post, we’ll be discussing a recent update to Google’s SameSite cookie changes. In previous posts it was explained that Google was making a change to its Chrome browser which enforces the SameSite cookie attribute. These posts can be found here: Part 1:...

In this post we'll be expanding on a previous post regarding exposed repositories via version control platforms. This will relate to the use of the self-hosted product of a cloud-hosted platform. First, let's do a quick recap. The use of public repositories is good,...