Tutorials

January 20, 2025

Purple Teaming: What Not to Do in OT & IoT Testing to Avoid Halting the Factory or Sinking the Oil Rig

Umair Ahmed, a Senior Security Engineer at HelloFresh, shares insights on pen-testing operational and IoT systems, emphasizing the importance of preparation, threat modeling, stakeholder alignment, and execution. He highlights the need for careful examination of systems to mitigate risks and ensure compliance while providing best practices for effective testing. Post-engagement, thorough reporting and follow-ups are essential for continuous improvement and vulnerability management.

June 28, 2024

Finding Hidden Threats: How I Found Leaked AWS Credentials in an Android App API Using DAST

Found a critical vulnerability involving leaked AWS credentials within an Android App API during a bug bounty hunt. by utilizing Dynamic Application Security Testing (DAST) and the Mobile Security Framework (MobSF) to uncover the vulnerability. This blog post provides a step-by-step guide for newcomers to set up their own testing environments and utilize MobSF.