RCE PoC for CVE-2020-6207 (Missing Authentication Check in SAP Solution Manager) github.com/chipik/SAP_EEM…

What's missing in recent #Onapsis publicación related to Dmitry Chastuhin's exploit on #CVE-2020-6207 anon #RCE is that #detection rules have been published for #snort/#suricata, nothing's perfect but a good addition when you don't have budget for anything else but a #NIDS...

Hey! Need a tool to collaborate and analyze the scope(nmap, nessus,etc),reportgen during a pentest or bb,but it's too tedious to install something(oh you)? I have a solution for you:demohive.hexway.io Free,easy-to-use,and with cat pictures inside. Well,what else do you need?

The short story about how we used Clubhouse as a social engineering tool to find out more about our client's employees during RedTeam testing hexway.io/research/short…

Hey! We've developed a tool, that enables pentest service providers to offer Penetration Testing as a Service (PTaaS) out of the box! Meet - Hexway Apiary! Now you can deliver your pentests faster and turn One-Time Customers into Lifetime Customers hexway.io/apiary/

Hey-Hey! We know you love Burp Suite (we too). But it's really hard to collaborate, share results in it and see the full picture when you work as a team. We're trying to solve that problem! Soon, we're going to release something very interesting! youtube.com/watch?v=1NIZj0…

People love dashboards, don't they? We've implemented a special view in Hive that displays pentest project summary (scope, services, ports, most vulnerable hosts, etc).

So now you can compare output from different scan tools(nmap, nessus, etc) and detect what services/port/IPs appear over time. Super cool!

We know how to help both sides of the penetration testing process. hexway.io

Using your favorite vulnerability scanners has just got easier!

Why are all modern checklist apps so awful? Some thoughts on the topic while we're developing checklists for pentesters hexway.io/blog/why-do-al…

What if we say that @_hexway can be MORE adaptive? Yeah, it's not just you can pick a name or something. Next Hive update will bring you a little bit more flexibility in your pentest workflow. Soon. #hexway #PTaaS #penetrationtesting #pentest

Take a peek at how convenient it is now to merge the same issues in Hexway Hive. We love making the work of pentesters more pleasant with each new release. hexway.io

The ability to look at the entirety of a situation to see the bigger picture is critical, especially for application security. What's the point of audits if all the vulnerabilities found remain in 50-page pentester reports or ci/cd Pipeline artifacts? linkedin.com/posts/dmitry-c…

What's wrong with scanners' output parsers? linkedin.com/posts/dmitry-c…

How to automate pentest reporting with Chat GPT? With just a button click, you can now quickly generate descriptions or risks of issues or any other report content, making the process more efficient and less time-consuming. Keep an eye on updates hexway.io/hive

Played around with ChatGPT for pentest reporting. Still a long way from making us unemployed anytime soon. But yeah! It can speed up a boring routine😺

And you also need a system to aggregate and manage vulnerabilities found by all those security scanners. Hexway ASOC is great for this 🤘

GitLab and SAST reports. Advantages and disadvantages linkedin.com/pulse/gitlab-s…