Exploiting XXE with Excel

XML External Entity attacks are very common, particularly through HTTP-based APIs, and we regularly encounter and exploit them often gaining very p...

Scoping a penetration test

I’ve been around application penetration testing for many years now and I’ve seen and heard many things when it comes to scoping a job. This post i...