Entries by Nikos Karvounis

Token Auto-Refresher: Solving Auth Failures in Burp Suite

Intro: Modern web application security testing increasingly relies on automated scanning tools to identify vulnerabilities efficiently. However, as a team, we consistently faced a persistent challenge with bearer token expiration during automated scans. When tokens expired mid-scan, our automated tools encountered authentication failures, resulting in incomplete coverage and requiring manual intervention to update tokens and […]

Offensive Cybersecurity Insights: A New Year Compilation

Hello world! This is Hackcraft’s Team Newsletter, aka our official excuse to share what we’ve been researching, noticing, debating and bookmarking obsessively over the past two months. Are you looking for community or cybersecurity business insights? You’re at the right place. Blogs: Let’s start with Hackcraft’s two blogs, which we’d like you to take […]

Red Teaming and Industry Pitfalls

Cybersecurity isn’t one-size-fits-all, and neither is security testing. Organizations face different threat landscapes, risk appetites, regulatory pressures and levels of security maturity, yet exercises like red teaming, penetration testing, assume breach, social engineering and tabletop exercises are often grouped together or misunderstood as equivalent. In reality, each of these approaches is designed to validate different […]

Microsoft SQL Server Hacking — TDS Downgrade Attack

Hey there, fellow hackers! As we kick off this new year, it’s the perfect time to dive into some research. That’s why we wanted to share an intriguing observation from a deep dive into Microsoft SQL Server hacking via its TDS protocol, conducted by our team member NeCro aka Giannis Christodoulakos. While exploring how SQL […]

Offensive X: Why Offense Is the New Defense?

The pulse of Offensive Cybersecurity was alive and thriving last week at the Athens Conservatoire during an incredible event, Offensive X! What about Offensive X? An electrifying journey into the heart of Offensive Cybersecurity that brought together some of the brightest minds in the field. Participants exchanged insights and explored the latest developments, fueling inspiration […]