Latest posts

Our team researches and documents bleeding-edge security concepts and hacking techniques. This blog explores these topics and more to keep you informed.

Is your penetration testing vendor just trying to sell you products and services?

By Brent Brackin | September 17, 2020 | Blog

Not too long ago, while working at another company, I was subjected to a presentation by a paid speaker at our annual sales kickoff meeting. Since I was heavily focused on security consulting solutions for my client base, our leadership assumed


Securing SuiteCRM on Apache

By Anthony Ralston | September 02, 2020 | Blog

SuiteCRM is a popular open-source Client Relations Manager (CRM). I took some time to review the code and basic implementation of the application within a vanilla Ubuntu Debian build. I found good security practices within the application itself,


PHP Type Juggling

By Anthony Ralston | August 12, 2020 | Blog

Type juggling is an expected functionality of PHP when leveraging loose comparisons. However, it can be used to subvert intended operations. In this blog we will discuss why type juggling occurs, what are the potential impacts, and why we should


Defining the Secure Software Development Lifecycle (SSDLC)

By Cornel du Preez | June 30, 2020 | Blog

Here at Abricto Security, we believe that application penetration tests only reveal the tip of the iceberg. Specifically, if we conduct an application penetration test and we find that it’s riddled with vulnerabilities, the remediation effort


Our Response to COVID-19

By Cornel du Preez | April 13, 2020 | Blog

Abricto Security understands that all industries feel the impact of COVID-19 and we’re here to help. Our team is shifting our operating procedures to accommodate fully remote consultations and assessments. Here is how we plan to do so: We will


SQLmap Cheatsheet and Examples

By Cornel du Preez | April 02, 2020 | Blog

Target the http://target.server.com URL using the "-u" flag: sqlmap -u 'http://target.server.com' Specify POST requests by specifying the "--data" flag: sqlmap -u


Extracting Private Keys From Public Keys Generated With Weak Random Number Generators

By Cornel du Preez | March 19, 2020 | Blog

Public key encryption is heavily utilized in modern implementations of SSH. By leveraging public key cryptography, administrators can generate both a public key and a private key to encrypt and decrypt data in transit. Using this method is favored


Password List Generation Using CUPP

By Cornel du Preez | February 07, 2020 | Blog

In many of our network and web application penetration tests, we come across login portals that aren’t protected by anti-automation controls. Essentially, this allows us to launch unrestricted dictionary attacks on previously identified


AWS Port Forward Setup and Config

By Cornel du Preez | January 10, 2020 | Blog

What: Port forwarding or port address translation (PAT) is a method of altering the destination port of traffic by using a forward proxy. Why: There are multiple possible reasons to use a PAT server for port forwarding. Here are just a few: Running
