We are thrilled to announce the return of the Free Pentest Contest for 2023: This is your chance to win a complimentary, professional pentest and fortify your defenses against cyber threats 100% for free, no strings attached. In short: The winner gets a 100% free pentest, with no less than the usual quality of our …
Are you testing MitM of an old protocol that starts using clear-text communications? You should consider spoofing server replies with some downgrade attack! This old trick still works sometimes against protocols like XMPP, SMTP, POP3 and others. Let’s illustrate this with an XMPP example from the field 🙂 Introduction: In XMPP, credentials are not supposed to …
Do you have doubts about the security of your applications and systems? This is not just necessary for compliance such as ISO 27001 or SOC2: As attackers continue to develop new methods to exploit vulnerabilities, it’s crucial to keep up with the game. At 7ASecurity, we offer penetration testing services to help you stay ahead …
This blog post summarizes a whitebox security review conducted by 7ASecurity (an OTF Red Team Lab partner) against the minivpn OpenVPN implementation. What is minivpn OpenVPN? minivpn is a minimalistic OpenVPN implementation in Go (an open source programming language) that eliminates privilege escalation attacks by design, as it runs with the permissions of the regular user. …
This blog post summarizes a whitebox security review conducted by 7ASecurity (an OTF Red Team Lab partner) against the implementation of the Amnezia VPN clients. What is AmneziaVPN? AmneziaVPN is a multi-protocol open-source VPN client that allows users to configure their own servers. The primary difference between AmneziaVPN and other VPN solutions is that the …
We are at it again, get 50% off any hacking course until December 2nd! Spread the word 🙂 Select from an awesome line up of courses which have featured regularly at BlackHat USA, OWASP Global AppSec, Hack In Paris, HackFest, Nullcon, DeepSec, SEC-T and many other events. Use code BFCM50 now to get 50% off …
Update 2022-08-22: 7ASecurity completed a comprehensive retest performed against LeaveHomeSafe 3.4.0, where most issues, including the critical one, were confirmed to remain unfixed. However, some medium severity findings were silently patched without notifying the public. Update 2022-07-29: In light of the public statement from the Hong Kong CIO, 7ASecurity confirmed the latest version of LeaveHomeSafe (3.3.0) remains vulnerable …
Conditions for internet users in many parts of the world are restrictive. Censorship and state-led surveillance are commonplace in some countries, with minimal tools available to circumvent content blocks and access the internet freely. Despite the constraints placed on these nations’ internet users, developers, technologists, and activists have created tools that allow people to access …
Given the success of previous sessions, we are doing another free live stream in May! Hacking JavaScript Desktop Apps with XSS and RCE with 7ASecurity & John Hammond. 100% practical information, fully hands on to take your appsec kung-fu to the next level. Hacking JavaScript Desktop apps with XSS and RCE: May 26, 18:00 – 19:00 …
Here are the details about the upcoming Free Mobile & Web app Security Workshops in March & April! Don’t miss out on your monthly dose of free online workshops! Packed with actionable information derived from real-world penetration testing, the workshops take your InfoSec Kung-Fu to the next level, no BS! March 31: Practical Mobile app …