Stanislav Klubal, Aug. 30, 2019

RFID According to Frequency Range - Do You Know What You Are Dealing With?

RFID technology is a common part of our daily lives. Where do we come into contact with it and what are the most common risks? This article lists selected attack vectors and outlines real everyday situations in which we can encounter fraud in the RFID environment. The main goal of this article is to give a brief, introductory breakdown of RFID technology by the frequency band in which the communication takes place, including the primary areas of use.

Erik Šabík, Aug. 22, 2019

Real-Life Web App Hacking

Compromising a web server very rarely means exploiting a single critical vulnerability, as Hollywood movies might suggest. On the contrary, such a compromise is usually made possible by a chain of less serious, sometimes almost absurd, vulnerabilities. In this article, we describe a real-life scenario in which exactly such a chain of several vulnerabilities led to a complete compromise of the web server.

Lukáš Antal, Aug. 16, 2019

Red Teaming – Red Vs. Blue, Evolution in Penetration Testing

Is Red Teaming the next generation of penetration testing? Is it a replacement for penetration testing or an add-on to it? Is this an evolution? Let’s draw a clear comparison of these two services and then explain what Red Teaming really is and what methodologies can be used to formalize it.

Lukáš Antal, Stanislav Klubal, Aug. 16, 2019

ATM Security

The security of automated teller machines (ATMs) is not a very widely discussed topic. Does that mean that ATMs are safe? Our expert team conducted penetration testing on various types of ATMs and is therefore able to objectively assess the issue. The conclusions may surprise you.

Adéla Haníková, Aug. 8, 2019

SMB Relay

What is the most common attack on an internal network that really works? What does it look like, what causes it and how can you defend yourself? This article will answer these questions. First, we will show the attack in practice and then we will discuss some technical details in the following paragraphs. Finally, we will add a few tips on how to defend against this type of attack.