PREVIEW: Best of 2021 - Pentestmag

Dear PenTest Readers,

December is a great month for summaries. That’s why we decided to create a compilation of the articles best received by our reviewers and subscribers. This is definitely a good option for those of you who don’t have the possibility to check every one of our magazine editions throughout the year. If you want to stay up-to-date and relevant with a nice selection of offensive security articles on a wide range of topics, this is definitely a treat for you!

With the best wishes for the upcoming 2022,

PenTest Magazine's Editorial Team

Table of Contents

Inference Attacks: Artificial Intelligence, Machine Learning, and Privacy

by Chrissa Constantine

For a web application penetration test, numerous advanced web application attacks and inference attacks attempt to data-mine SQL databases by leveraging the deltas in responses. The goal is to gain information about the database or a subject illegitimately. Adversaries can leak sensitive information if an attacker can infer the actual value with a high degree of confidence.

Originally published at:

UART + U-Boot = U-AR-PWN

by GILLES Lionel aka Topotam

In this article, we will look back at a real case we encountered during an IoT penetration test. The IoT solution was composed of a ZigBee gateway/concentrator, a smart door lock and a mobile application to remotely control the lock.

Originally published at:

IoT Pivoting in Industrial Case

by Roberto Camarinesi

The pivoting technique allows you to create a bridge to those networks or targets that are otherwise unreachable. It's a technique used to explore and descend deeper and deeper into the various sub-networks, to discover hosts with particularly restrictive access policies that respond only to particular requests, and also to perform lateral movement; it is therefore particularly useful and almost indispensable in the post-exploitation phases. It is useful to know that chains of bridges can be created, forming a chain of concatenated connections. This is called multi-pivoting. The longer the chain, the more distant we will be from the target in terms of routing hops, thus increasing the time for detection.

Originally published at:

Low-cost Pentest Lab in 2021

by Mauricio Harley

Creating your own pentest lab is one of the first steps you should think about when starting in this marvelous professional area. Frequently updating it is mandatory to keep up with the ever-changing offensive security landscape. In this article, I will present some suggestions for setting up a low-cost pentest lab.

Originally published at:

Detecting “Undetectable” Vulnerabilities When Fuzz Testing Advanced Automotive Systems

by Dr. Dennis Kengo Oka

One common challenge with fuzz testing of advanced automotive systems, such as infotainment systems, connectivity units, and digital cockpits, is to be able to properly monitor the target system for exceptions, which can then be further analyzed to identify vulnerabilities. Often in-band instrumentation is used to monitor the target system, i.e., the same protocol being fuzzed is used for instrumentation. For example, using valid-case instrumentation, where a correct valid message is sent to the target system after a fuzzed message and the corresponding response is observed, it is possible to determine whether the target system is behaving correctly or not. However, this limited in-band instrumentation can lead to several exceptions being missed, such as memory leaks, zombie processes or core dumps.

Originally published at:

Basics of Using SDR Against Keyless Entry Systems

by Samantha Isabelle Beaumont

Remote Keyless Systems (RKS) are an example of such a newer, and more critical, addition to the modern car. Consumers by design are able to change the state of their locked doors remotely, without resorting to any mechanical or physical mechanism, via the click of a button on a car key fob, or even by proximity to the car itself via RFID. RKS typically implements a request-response protocol between the fob and the car’s radio transceiver with minimal security protection. It is important to recognise that there are several keyless entry attacks that can be utilised against RKS - Signal Amplification Relay Attacks (SARA), Keyless Jamming and Rolljam - to name a few. For the purpose of this publication, we will be discussing the Rolljam attack.

Originally published at:

Automating Broken Access Control with the Auth Analyzer Extension

by Jesus Espinoza (Cobalt)

This is an automated way to test for broken access control vulnerabilities, using Burp Suite and the Auth Analyzer extension, which is a very useful tool still under development. Auth Analyzer has other capabilities, such as CSRF (Cross-Site Request Forgery) token extraction, updating authorization headers or updating cookies (so that your session never expires), among others. So we encourage you to take a look on your own at the Auth Analyzer extension and see its potential.

Originally published at:


by Nairuz Abulhul

Burp Suite is a great analysis tool for testing web applications and systems for security vulnerabilities. It has so many great features to utilize during a pentesting engagement. The more you use it, the more you discover its handy features.

Originally published at:

Adding a Pinch of Cloud to Your Lab

by Harpreet Singh

In this article we will discuss five tools that you can add to your lab in order to get started with cloud security assessments. All five tools are open source and easy to install and use.

Originally published at:

gRPC Pentesting

by Arun S and Sourish Das

This article imparts knowledge about gRPC technology, the different ways of implementing it and the various security concerns associated with it. As part of our research and past pentest experience, we have developed a vulnerable gRPC application using Java to better understand these vulnerabilities. We will be demonstrating the various vulnerabilities that can possibly be found in an application using gRPC.

Originally published at:


December 18, 2021