User Enumeration Part 2 – Microsoft Office 365

User Enumeration Part 2 – Microsoft Office 365

By Mike Saunders | March 10, 2020

It’s not uncommon on external pen tests and red team engagements to find very little attack surface on the customer’s internet-facing networks. Customers have started shifting services to cloud providers, […]

Learn More
User Enumeration Part 2 – Microsoft Office 365

SQLi Data Exfiltration via DNS

By Mike Saunders | November 30, 2018

Did you know you can use DNS queries to exfiltrate data from a database via SQLi? No? Then continue reading! I’ll walk through some techniques you can use to enumerate […]

Learn More
SQLi Data Exfiltration via DNS

Maintaining Session States in .NET Apps With Burp

By Mike Saunders | September 21, 2018

During a recent web app test, I encountered a situation when I would be randomly logged out of the application when running sqlmap. I wasn’t manipulating any of the session […]

Learn More
Maintaining Session States in .NET Apps With Burp