Menu

Close
  • Home
  • XFIL
  • AppSec
  • Home
Subscribe
Stratum Security Blog Menu

Stratum Security Blog

AppSec, Research, Sarcasm

Scroll Down
Page 1 of 3 Older Posts →

Route 53 as Pentest Infrastructure

Use of DNS infrastructure is a staple of blind application testing and data exfiltration. Both of these scenarios are applicable in most pentest engagements, but building »

Jared Perry on exfiltration, aws, appsec, pentest 17 October 2018

PoC for CVE-2017-16744 and CVE-2017-16748

Proof of Concept (PoC) Date: 09/04/2018 Exploit Author: Jonathan Gaines Vendor Homepage: https://www.tridium.com/ Version: Affects Tridium Niagara AX Versions: 3.8 »

Jon Gaines 06 September 2018

What we learned about cloud security running a SaaS in AWS for 5 years - Part 7 - Availability

This is Part 7 of a multi-part series of posts on how we securely ran ThreatSim in AWS for 5 years and did right by our »

Aliou Sylla on aws security, aws, awssummit 19 October 2017

What we learned about cloud security running a SaaS in AWS for 5 years - Part 6 - Access Security

This is Part 6 of a multi-part series of posts on how we securely ran ThreatSim in AWS for 5 years and did right by our »

Aliou Sylla on cloud security, aws security, aws summit 10 August 2017

Dump - a Burp plugin to dump HTTP(S) requests/responses to a file system

PortSwigger’s BurpSuite is the de facto tool for web, API, and mobile application assessments. Over the course of many engagements, the utility of being able »

Richard Springs 01 August 2017
Page 1 of 3 Older Posts →
Stratum Security Blog © 2018
Proudly published with Ghost
Stratum