minivpn OpenVPN Go client Pentest Report

This blog post summarizes a whitebox security review conducted by 7ASecurity (an OTF Red Team Lab partner) against the implementation of the minivpn OpenVPN implementation. What is minivpn OpenVPN minivpn is a minimalistic OpenVPN implementation in Go (an open source programming language) that eliminates privilege escalation attacks by design, as it runs with the permissions of the regular user. …

Amnezia VPN Pentest Report (Mobile & Desktop apps)

This blog post summarizes a whitebox security review conducted by 7ASecurity (an OTF Red Team Lab partner) against the implementation of the Amnezia VPN clients. What is AmneziaVPN AmneziaVPN is a multi-protocol open-source VPN client that allows users to configure their own servers. The primary difference between AmneziaVPN and other VPN solutions is that the …

7ASecurity, OTF Red Team Lab partner, completes Blackbox Pentest and Privacy Audit of LeaveHomeSafe App.

Update 2022-08-22: 7ASecurity completed a comprehensive retest performed against LeaveHomeSafe 3.4.0, where most issues, including the critical one, were confirmed to remain unfixed. However, some medium severity findings were silently patched without notifying the public. Update 2022-07-29: In light of the public statement from the Hong Kong CIO, 7ASecurity confirmed the latest version of LeaveHomeSafe (3.3.0) remains vulnerable …

OTF Red Team Lab partner 7ASecurity completed a penetration test and whitebox audit of the WEPN solution.

Conditions for internet users in many parts of the world are restrictive. Censorship and state-led surveillance are commonplace in some countries, with minimal tools available to circumvent content blocks and access the internet freely. Despite the constraints placed on these nations’ internet users, developers, technologists, and activists have created tools that allow people to access …

Hacking JavaScript Desktop Apps with John Hammond!

Given the success of previous sessions, we are doing another free live stream in May! Hacking JavaScript Desktop Apps with XSS and RCE with 7ASecurity & John Hammond. 100% practical information, fully hands on to take your appsec kung-fu to the next level. Hacking JavaScript Desktop apps with XSS and RCEMay 26, 18:00 – 19:00 …

Free Mobile & Web app Security Workshops

Here are the details about the upcoming Free Mobile & Web app Security Workshops in March & April! Don’t miss out on your monthly dose of free online workshops! Packed with actionable information derived from real-world penetration testing, the workshops take your InfoSec Kung-Fu to the next level, no BS! March 31: Practical Mobile app …

Free Workshops on Android, iOS & JavaScript App Security

Join us in February/March for Live Free workshops on Android, iOS & JavaScript App Security. Learn about Deep Links, XSS & RCE in Mobile & Desktop apps. February 24: Hacking Android & iOS apps with Deep Links and XSS March 3: Hacking JavaScript Desktop apps with XSS and RCE Workshop 1: February 24: Hacking Android …

Free Online Workshops in January

Gear up for an awesome lineup of Free Online Workshops in January. Join us for an exciting journey where we present you a comprehensive review of interesting security flaws in Modern apps. Also, get to know about RCE & Prototype pollution attacks on Web Apps and deeplinks & XSS in Mobile apps. Free Workshop: Hacking …

50% off any 7ASecurity Hacking Course!

We are all getting tired of all these COVID bad news: New lockdowns, new waves, new variants, more restrictions, etc. So, we just decided to put a smile in your face regardless 🙂 Get 50% off (!) any 7ASecurity hacking course, including: Lifetime (!!) course access: Including all future updates for free (!!!) Step-by-step video …