data leaks

Facebook Removes Privacy Settings (or Why it’s hard to hide information on the Internet)

A few weeks ago Facebook announced the removal of a “Search” setting. That’s their marketing term for a privacy setting. The setting in question allowed a user to prevent his or her Facebook profile from being discovered via Facebook’s search function. Now before you go look for it, you should know that most of us …

Facebook Removes Privacy Settings (or Why it’s hard to hide information on the Internet) Read More »

Decoding F5 Cookie

As a Penetration Tester, there are many different things you come across while performing a test.   The one in which I will discuss in this post is the cookies returned by the F5 BigIp Server.  These cookies are purposed for load balancing and if not properly protected, will reveal IP addresses and ports of internal …

Decoding F5 Cookie Read More »

Finding the Leaks

One of the common vulnerabilities we find when performing internal network penetration testing is sensitive data on open SMB file shares.  Now, by “open” I am including both unauthenticated as well as file shares that allow any authenticated user.  It certainly makes sense for organizations to have file shares that are accessible to all employees …

Finding the Leaks Read More »

Scroll to Top