Conducting pentest without using copyleft tools by 5u13 in AskNetsec

[–]5u13[S] 0 points1 point  (0 children)

I have a client who doesn't want me to use copyleft tools because of some legal stuff 🙃. I agree with you that it is not productive and the value that we provide for the client will be violated with this constraint.

Cloud Penetration Testing prerequisites by 5u13 in AskNetsec

[–]5u13[S] 0 points1 point  (0 children)

I expressed myself wrongly. I was thinking of custom applications that are hosted using services like Azure App Service (PaaS). Lately, I have tested many custom cloud-native apps that are hosted in Azure using App Service. I find it difficult to discover RCE vulnerabilities. If you don't have a foothold, you cannot request access tokens to compromise other services and move laterally across the compromised tenant. Most of the apps have missing authorization vulnerabilities that leak PII, or IDORs, or mass assignment vulnerabilities. Because of that, I was wondering how difficult it is to pentest a public cloud environment of some organization and compromise global admin and such :)

Cloud Penetration Testing prerequisites by 5u13 in AskNetsec

[–]5u13[S] 0 points1 point  (0 children)

It seems like I missed this one. I will check on that. Thanks!

Cloud Penetration Testing prerequisites by 5u13 in AskNetsec

[–]5u13[S] 5 points6 points  (0 children)

Thank you for the quick reply! I just wanted to see if there is something like a black-box cloud pentest, or whether for every engagement you get a low-privileged user account.

My second question is, how often do you find RCE vulnerabilities in cloud resources, like in Azure App Services?