DEF CON 32 Highlights
Once again, Predatech’s technical team made the trip to DEF CON 32! DEF CON is the world’s largest annual gathering of hackers, researchers and security professionals, and this year it was hosted at the Las Vegas Convention Centre. Participants attend to share their knowledge and get hands on with the latest technologies and tools. From physical […]
Capturing and Cracking WPA/WPA2 WiFi Passwords with Kali Linux
Wireless access points can provide a gateway into your organisation’s network for unauthorised threat actors. Understanding the techniques used by threat actors to capture and crack WPA/WPA2 hashes can be also be useful when trying to enhance your network security. In this blog, we’ll explore how wireless packets can be captured, how WPA/WPA2 pre-shared key […]
Comparing Site Maps: Access Control Flaws
We come across broken access control vulnerabilities frequently during penetration testing engagements and it’s the most prevalent web application security risk on the 2021 OWASP Top 10. In today’s blog we’ll showcase how Burp Suite’s compare site map functionality can be used to help effectively identify access control flaws. What is Broken Access Control? […]
DEFCON 31 Highlights
This year, the Predatech team jetted off to sunny Las Vegas to attend DEFCON 31. The event brought together cyber security professionals, hackers, researchers and enthusiasts to share knowledge and discuss cutting-edge developments. With so much to see in a long weekend the team was spoilt for choice with a range of talks, workshops and […]
What is CSRF and How Can You Prevent It?
Cross-site request forgery (CSRF) is a common web application vulnerability that can put users’ online accounts and sensitive information at risk. In this blog, we provide an overview of CSRF attacks, including how they work, what makes them dangerous, and what mitigations can be put in place to protect your application. What is Cross-Site […]
How to Choose a Penetration Testing Provider
When looking for a penetration testing provider, you’ll want to be confident that the partner you choose can deliver a thorough test, will be responsive to questions/requests and can tailor deliverables to your needs. A good penetration testing provider will also ask the right questions and will be able to help you with defining the […]
How to Scope a Penetration Test
Scoping a penetration test can be challenging, particularly if it’s the first time you’re commissioning testing for your organisation. It may not be immediately obvious what types of testing you need and what systems should be included. In this blog, we’ll cover the drivers for testing, the most common types of testing as well as […]
How to Prepare for a Penetration Test
Penetration testing is often a critical component of a cyber security program. It can help you to identify where your systems need improvement and often expose major vulnerabilities that would otherwise have been exploited by attackers. But it’s not always clear how you can prepare and get the most out of testing. In this blog […]
Burp Suite for Web App Pentesting: Tool Showcase
In the age of increasingly complex and functionality rich web applications, the tools we use to dynamically test the security of these applications need to be both flexible and intuitive. Sometimes referred to as the ‘Swiss army knife’ of web application security testing, Burp Suite, fits the bill perfectly, and it’s something we use when […]
What is the OWASP Top 10?
What is OWASP? The Open Web Application Security Project (OWASP) is a community-led nonprofit foundation committed to improving the security of software. For 20 years OWASP has been a repository for web application security resources including documentation, tools, videos, and forums, all of which are freely available and accessible via their website. One of OWASP’s […]