PentesterLab

One of the most common mistake in security audits, pentests or compliance:

Thinking checklists are the ultimate goals or the most detailed checks we need.

In reality, checklists are just the starting point, the bare minimum we should be doing.

With training budgets shrinking, ensure your team stays ahead of the curve with affordable, top-tier training from PentesterLab 📈💡

https://pentesterlab.com/pro/enterprise

Articles worth reading discovered last week:

# CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution
🗞 https://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution/

# Technical challenges with file formats - Speaker Deck
🗞 https://speakerdeck.com/ange/technical-challenges-with-file-formats

# I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS | Spaceraccoon's Blog
🗞 https://spaceraccoon.dev/analyzing-clipboardevent-listeners-stored-xss/

# GitHub - fransr/hot-jar-swapping-urlclassloader: Demo of the URLClassLoader JAR-swapping showing the ability to replace and exploit an already loaded JAR with inner classes
🗞 https://github.com/fransr/hot-jar-swapping-urlclassloader

#PentesterLabWeekly