Following a legal threat from █████, Proack has decided to remove their name from this article. While we worked in good faith to responsibly disclose the vulnerabilities discussed below, and held the release of this article until fixes were implemented, █████ still decided to threaten us with legal action if we publicized the vulnerabilities we… Continue reading: Account Hijacking – IoT edition
In March 2020, our team started a couple of security research projects including participating in bug bounty programs, looking at IoT devices, and passively looking at mobile apps that have weak authentication and authorization controls. We came across one app called Remind, which is used by one of our team members to interact with their… Continue reading: Insecure use of unique identifiers
In 2019, we were asked by some of our clients to perform an insider threat assessment to help them better understand their attack surface if a single system on their network were to be compromised. This is not a typical penetration test because we were given an asset, knowledge of the internal network layout, information… Continue reading: FireEye HX Bypass – Have you tested your security tools lately?