On 30th August 2024, we released REDSECLABS XSS Challenge for the Infosec and bug bounty community, the challenge was to trigger bypass keyword Based filter and trigger DOM Based XSS to execute alert(1) in the context of challenge Domain. However, it was not as straight forward as it seems

Introduction It’s a time when cyber threats are increasing in complexity and frequency, penetration testing has become an integral part of an organization’s cybersecurity strategy. Choosing a qualified penetration testing provider is critical, as this decision can significantly affect your company’s security posture. An effective pentest not

Pentesting (Penetration Testing) is a vital part of an organization’s cybersecurity strategy. This involves simulating cyber attacks on your systems, networks, or applications to identify vulnerabilities before they can be exploited by threat actors. Apart from finding loopholes, this process also helps organizations the effectiveness of security controls in

Date/Time Event 15th March 2024 Attacker logged in to the Global account 15th March 2024 Attacker elevated privileges of supportaccount and logged into it 2nd April 2024 Attacker used victim’s email to send customer updated invoice. 4th April 2024 Attacker added permission to the 2nd victim’s email

RedSecLabs security researchers Rafay Baloch and Muhammad Samaak discovered address bar spoofing vulnerabilities in widely used mobile browsers such as Safari, Microsoft Edge, and DuckDuckGo. These vulnerabilities have a significant impact, affecting millions of users worldwide. Google has highlighted the severity of address bar spoofing within their Google Vulnerability Reward

For most of 2023, I devoted my time to writing my book, scheduled for publication in August 2024, titled as "Web Hacking Arsenal", It was a pretty tiring and a slow process and hence many have compared writing a book is to eating an elephant and as Desmond

REDSECLABS was contracted to perform a backdoor analysis for a customer operating a large e-commerce platform, following complaints from customers about patterns of credit card misuse linked to their purchases on the site. During an in-depth examination of the source code, REDSECLABS identified a backdoor within the "Authorize.net&

Introduction In this blog post, we shed light on two critical vulnerabilities discovered within PureVPN. One involves an alarming IP leak, a severity comparable to Remote Code Execution (RCE) in the realm of VPN security. The second vulnerability pertains to Code Execution under specific conditions. PureVPN, a well-established player in