Penetration Testing


Exploiting PDF Generation - A Case Study in SSRF and JavaScript Injection
During a recent pentest, we exploited an insecure PDF generator to trigger SSRF and access AWS instance metadata.
PDF generators often allow risky features like JavaScript by default, making them an overlooked attack surface.
idan ba
Sep 9 · 4 min read


Exploiting Insecure Deserialization - A Real-World Case Study
During a recent penetration test, we uncovered a critical insecure deserialization vulnerability hidden in a client’s production application. What started as a suspicious base64 string quickly unfolded into serialized Java objects, ysoserial payloads, and a proof-of-exploitation via DNS callbacks. In this post, we share the story behind the discovery, explain the risks of insecure deserialization, and highlight how a simple fix helped secure a vulnerable authentication endpoi
idan ba
Sep 2 · 4 min read


A Security Pickle with Pickle - How We Turned Machine Learning into RCE
Hacking with pickles Intro In this post, I want to share an interesting vulnerability we've discovered during a penetration test on a...
idan ba
Aug 17 · 3 min read


How Can A Lack Of Environment Separation Led Our Red Team to Remote Code Execution
idan ba
Jul 31 · 6 min read


Penetration Testing Service
Penetration Testing Services by Cybenari Penetration testing is a proactive cybersecurity practice that simulates real-world cyberattacks...
idan ba
Jul 29 · 3 min read


What Can Red Teamers Learn From Bug Bounty Hunters
In recent years, the world of cybersecurity has witnessed a dramatic rise in the sophistication and maturity of bug bounty programs. With tech giants and startups alike offering enticing rewards to those who can discover vulnerabilities in their systems, a new generation of security researchers and bug hunters has emerged. But how has this rise […]
idan ba
Aug 22, 2023 · 4 min read


Black Box Penetration testing vs. White Box Penetration Testing Explained
The digital universe is vast, intricate, and continually evolving. To safeguard this cosmos, penetration testing stands as a sentinel, revealing vulnerabilities lurking in the shadows. Among its myriad forms, Black Box and White Box penetration tests emerge as contrasting yet equally significant strategies with pros and cons for each type of test. Grasping their nuances
idan ba
Aug 14, 2023 · 4 min read


Understanding SSRF Vulnerabilities in the Age of Microservices
For those diving deep into cybersecurity and penetration testing, understanding the complexities and nuances of different vulnerabilities is crucial. One such vulnerability that’s seen a rise in prominence due to the widespread adoption of microservices is the Server-Side Request Forgery (SSRF). Let’s dive into the specifics of SSRF and discuss how to protect against it. […]
idan ba
Aug 9, 2023 · 4 min read


A Penetration Tester's Guide To Hacking OAuth 2.0 and OpenId Connect Systems
Introduction As the internet evolves, so does the complexity of ensuring secure access and user authentication. Two widely-adopted standards that have come to the forefront are OAuth and OpenID Connect (OIDC). However, as with all technologies, they are not immune to vulnerabilities. This guide will delve into what these standards are, common security pitfalls associated […]
idan ba
Aug 8, 2023 · 4 min read

