
Pentest Chronicles

If you’re interested in the world of cybersecurity, the related technical issues, and what’s challenging right now, you’re in the right place! This part talks about IT security more broadly and has the latest information, tips, and advice.

Latest insight

Other articles


How "simple" math can crash your app. Support for exponential number format leads to Denial of Service.

Kamil Szczurowski

During one of the audits, I noticed that some application accepted numbers in the exponential format (for example 5e10); however, all the fields were strongly typed, so I couldn’t set any of the fields to a number higher than the Integer maximum value. Nevertheless, I kept that fact in mind and continued to check other numerical fields with vast numbers that would exceed the integer limit. After some time, I finally found a field that did accept a number higher than the integer, float or double limits, which meant that the variable type was BigInteger. Finding such a variable type together with the possibility of using the exponential number format created a new attack vector: if the application allows conducting any arithmetic operation, there is a chance to conduct a Denial of Service (DoS) attack.


Breaking the TUI: From Client Quirks to Dual Local Privilege Escalation on AIX

Wiktor Szymanik

In a recent security assessment, I stumbled upon an interesting setup that, at first glance, looked like just another terminal emulator driving a TUI application. Further investigation led to an exploit that chained multiple steps and fully compromised the tested host. Before we dive into the chain itself, I'll briefly explain a few terms and concepts - important context for the rest of the article.


Even the best can be beaten bypassing EDRs with custom malware

Dominik Antończak

During one of the audits, I received an interesting task. The goal was to gain access to the systems responsible for backups and then perform a ransomware simulation. During the audit, access was gained to only one of these systems, and this was because most of these machines were outside of the Active Directory (AD). Logging in, even with Domain Administrator (DA) privileges, was restricted, but having DA access allowed me to obtain the local admin password using LAPS, which gave me access to the HYPER-V-B machine. From there, I was able to log into HYPER-V-E (the target machine). Access to the rest (4 others) was not achieved.


Why You Should Review Your iOS Defense Mechanisms in 2025

Marcin Zięba

Recent security assessments revealed an ongoing problem with some iOS defense frameworks and in-house solutions: an over-reliance on checks designed for rootful jailbreaks. The mobile security landscape has fundamentally changed, and defenses must evolve accordingly. Starting with iOS 15 and iPadOS 15, Apple's Signed System Volume (SSV) was introduced to iOS and iPadOS. This feature cryptographically protects the system volume, ensuring its integrity by verifying every byte against an Apple-signed hash. Any unauthorized modification to the system volume is detected and blocked, which is a key reason for the shift to new, rootless jailbreak models on these systems.


Let the framework guard your JWT internals - but who is guarding the framework?

Marek Kaliszczyk

During a recent security assessment, we found a critical authentication bypass, which at first glance looked like a classic JSON Web Token (JWT) issue: no cryptographic signature verification and, as a result, the possibility of forging valid tokens. A blackbox assessment would probably have called it a day and reported the issue as a lack of cryptographic signature verification, which would be a legitimate issue. However, since the assessment consisted of a whitebox code review, it was possible to dive deeper into the application's logic.


Trust Me, I'm a Plugin: Chaining WebDAV and Unsigned Code to Remote Code Execution

Mateusz Lewczak

Today's story is about how two seemingly unrelated things came together to create a global Remote Code Execution vulnerability (at least from the application's perspective). But let's start at the beginning. During a pentest of a desktop application, I noticed that it was using resources shared over WebDAV. This is where it stored documents, configuration files, and so on.
