SSO authentication page of one of Fortigate IdP presents a Cross-Site Scripting vulnerability which can be used to steal user credentials in plaintext.

Companies and current majors turn increasingly to identity federation. A central and single repository containing users credentials (login / password) like LDAP, AD, etc., a single web application centralized authentication (commonly referred to IdP for.

Read more

How to upload / transfer a file through a shell / terminal DOS on Windows? There is no "wget" easy to use on these OS; many pentesters are being ripped hair to transmit a payload.exe when they gain a shell or reverse-shell on a compromised a machine.

Many methods exist, starting from solutions.

Read more