BreakPoint Labs
Follow
2062 Followers
Follow BreakPoint Labs on their other social channels!
About Us
Founded:
2015
Company Size:
Company Type:
Private
Location:
Arlington, Virginia
Website:
BreakPoint Labs is dedicated to providing the methods and means for sustainable, measurable, and effective cybersecurity operations. Powered by highly motivated, experienced cybersecurity professionals with technical and scientific proficiency, BreakPoint Labs is developing and leveraging technology ...
Read more
Promoted Content
BreakPoint Labs is not promoting any content right now
Follow
3052
The Hunter Mindset
BreakPoint Labs puts a large focus on the “hunter” mindset when approaching offensive and defensive challenges in cybersecurity.  The “hunter” mindset is all about understanding the technology being targeted or defended and thinking beyond the limitations of automated tools to find what others have missed. Whether we are hunting for sophisticated threats, or emulating them to identify business risk, we identify biases and think critically to achieve the desired objective. Br ...
Follow
1133
Never include() My Input
This blog post will demonstrate a vulnerability enumerated on a recent penetration test that was missed by automated testing because it was unlinked from the application.  In a previous blog post we show how to enumerate unlinked content using several techniques.  In our experience, unlinked resources can be quite interesting because they are more likely to be missed by testers and tools. Now on to the story that inspired this post, during the process of enumerating unlinked content we stum ...
Follow
2566
Cross Site Scripting (XSS) Part 3: Exploitation
In part 1 we introduced XSS, and part 2 we showed some TTPs for enumerating XSS, part 3 will be demonstrating how to take advantage of XSS.  XSS can lead to full control over an application or system because it provides the attacker the ability to run code in the victim’s browser. This code is normally HTML/JavaScript that is used to do a number of things: Forge a request in an application (example: adding a user, changing a password, etc.) Delivering an exploit to get code executi ...
Follow
3184
Cross Site Scripting (XSS) Part 2: Enumeration
Continuing on from Part 1 XSS: Intro, we will go over how we enumerate XSS.  The way we go about enumerating XSS is first to properly map the application and understand its inputs.  This is done via browsing/spidering, and unlinked content enumeration using various techniques. To browse and spider the application we use Burp suite and click through all the links on the application then leverage Burp Suites spider.  To spider an application in Burp you can add the target URL to your scope a ...
Follow
8351
Cross Site Scripting (XSS) Part 1: Introduction
One of the most common flaws in web applications is  Cross Site Scripting (XSS).  All too often the risk with XSS is undermined, and ends up going to the bottom of the priority list because system owners do not fully understand the potential impact. This three (3) part blog post will hopefully change that thought process by educating readers on some attack scenarios that are possible by exploiting XSS flaws.  We aren’t planning on going into all things XSS, so if you want to learn more w ...
Follow
2460
How to Leverage SSH Tunnels
Being able to route traffic through another system can prove very useful in many situations.  This blog post will demonstrate how to leverage SSH tunnels to send traffic through an SSH session.  Three common use cases for SSH tunnels are: Sending your scanner traffic through an SSH tunnel Connecting to another service via an SSH tunnel Sending your browser traffic through an SSH tunnel Sending your scanner traffic through an SSH tunnel Proxychains combined with ...

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel