Our best in class red team can deliver a holistic cyber attack simulation to provide a true evaluation of your organisation’s cyber resilience.
Leverage the team behind the industry-leading Web Application and Mobile Hacker’s Handbook series.
MDSec’s penetration testing team is trusted by companies from the world’s leading technology firms to global financial institutions.
Our certified team work with customers at all stages of the Incident Response lifecycle through our range of proactive and reactive services.
Feb 10th, 2020
Written by: Admin
All
Introduction Back in 2018, PaloAlto Unit42 publicly documented RGDoor, an IIS backdoor used by the APT34. The article highlighted some details which sparked my interest and inspired me to write…
Feb 2nd, 2020
Written by: Admin
All
SQL Server Reporting Services (SSRS) provides a set of on-premises tools and services that create, deploy, and manage mobile and paginated reports. Functionality within the SSRS web application allowed low privileged…
Jan 10th, 2020
Written by: Admin
Penetration testing
Description A remote code execution issue in SharePoint Online via Workflows code injection was reported to Microsoft in November 2019 which was addressed immediately on the online platform. However, the…
Dec 7th, 2017
Written by: Admin
Penetration testing
During a recent mobile application assessment, MDSec’s mobile team encountered a binary protocol over HTTP used for server communication. Analysis of this protocol revealed it to be Apache Thrift, which…