Author: Orange Tsai (@orange_8361)
P.S. This is a cross-post blog from DEVCORE
Hi, this is part 2 of the New MS Exchange Attack Surface. Because this article refers to several architecture introductions and attack surface concepts from the previous article, you can find the first piece here:
A New Attack Surface on MS Exchange Part 1
A New Attack Surface on MS Exchange Part 1 - ProxyLogon!
Author: Orange Tsai (@orange_8361)
P.S. This is a cross-post blog from DEVCORE
The series of A New Attack Surface on MS Exchange:
A New Attack Surface on MS Exchange Part 1 - ProxyLogon!
A New Attack Surface on MS Exchange Part 2 - ProxyOracle!
A New Attack Surface on MS Exchange Part 3 - ProxyShell!
A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
How to Hack APIs in 2021
The post How to Hack APIs in 2021 appeared first on Detectify Labs.
A New Attack Surface on MS Exchange Part 3 - ProxyShell!
Author: Orange Tsai (@orange_8361) from DEVCORE
P.S. This is a cross-post blog from Zero Day Initiative (ZDI)
This is a guest post DEVCORE collaborated with Zero Day Initiative (ZDI) and published at their blog, which describes the exploit chain we demonstrated at Pwn2Own 2021! Please visit the following link to read that :)
FROM PWN2OWN 2021
Burp extensions added to Burp Suite Enterprise Edition
Burp Extensions (and your own custom extensions) will now be supported by Burp Suite Enterprise Edition, brand new for the 2021.8 release. If you've had much experience with Burp Suite Professional, i
Burp Suite Professional: feature roundup
The modern web is an increasingly complex beast. Each passing year brings with it new frameworks, technologies, and design trends - not to mention vulnerabilities. All of this adds to your testing wor
Get Burp Suite certified for free...
Ready for the challenge? Buy your certification exam now... Burp Suite Certified Practitioner accreditation to enable our users to validate their self-taught skills as web security practitioners. We'v
Improvements to Burp Suite authenticated scanning
Burp Suite's authenticated scanning feature enables users to scan privileged areas of target web applications even when a complex login sequence is required. This leverages Burp's browser - using the
Burp Suite certification prices hacked for Black Friday
For the very first time, we've decided to join the rest of the world and run a Black Friday offer. Between 16 November 2021 and 30 November 2021, you can buy our Burp Suite Certified Practitioner exam
The mystery of the missing Mac release
Some eagle-eyed users of Burp Suite have noticed that there is no Mac release of Burp Suite 2021.10.2. Why is this release missing in action? Well, the true story is rather mundane, and unfortunate. F
Burp Suite roadmap for 2022
The roadmap shown here is out of date. Please see our July 2022 roadmap update. With 2022 now underway, it's about time we gave you the latest on where Burp Suite is heading this year. Here we take a
A modern, elastic design for Burp Collaborator server
When we launched Burp Collaborator back in 2015, PortSwigger deployed a public Collaborator server that anyone could use. This meant that OAST testing with Burp Collaborator was able to work straight
Introducing the mystery lab challenge
For anyone who's used the Web Security Academy before, you'll be pretty familiar with the format. For those of you who haven't had the pleasure, the process goes a little bit like this: Select a set o
Passive-aggressive scan checks
Here at PortSwigger, our goal is to enable the world to secure the web. Our scanner sits at the core of this value - quickly surfacing issues and vulnerabilities that may be present in a web applicati
Burp Suite Enterprise Edition Kubernetes deployment and auto-scaling
Burp Suite Enterprise Edition is the dynamic vulnerability scanner that can help you to secure your whole web portfolio. And with release 2022.3, we've taken those same flexible Burp scans and made th
Burp Scanner can now crawl static sites between 6x - 9x faster
Burp Suite Professional version 2022.2.3 made Burp Scanner's crawler between 6x - 9x faster when used against static or stateless sites. This helps you to carry out automated reconnaissance much faste
Burp Suite Enterprise Edition: config tips for scanning success
Burp Suite Enterprise Edition is the dynamic web vulnerability scanner that can help you to secure your whole portfolio. To help you achieve that, this article contains some advice on how to optimize
Confused by agents? We've cleaned up our jargon ...
Speaking to Burp Suite Enterprise Edition users, one thing has come up time and time again as a blocker to your understanding of the product. This has been our use of the term "agent" when describing
SQL Injection in 1 min!
The post SQL Injection in 1 min! appeared first on Detectify Blog.
The basics of Cross-site Scripting (XSS)
The post The basics of Cross-site Scripting (XSS) appeared first on Detectify Blog.