PEN Consultants Logo
Don’t Be a Victim: Find your weaknesses before the criminals do. PEN Consultants can help!

Month: January 2018


Enumeration Vulnerability in Leading Email Providers

Almost one-half of email providers, some of them leading providers, are vulnerable to an email/username verification attack with no apparent mitigating controls. This is my attack code and research. Pre-Req I’m not going to spend a ton of time explaining things to the nth degree. If things alluded to here don’t make sense to you, […]


I Have Your PII

I have all of your PII (Personally Identifiable Information) from your voter registration. One caveat, I only did so for one of the US Congressional Districts in Texas, but I could have just as easily obtained all voter records. This article is about what it took to obtain records and the implications. Background Recently, I […]


Exploiting Sandboxes

What if one could do more than just bypass a sandbox (easy), but actually exploit the sandbox to gain access to custom signatures, client lists, and other customers’ files? It may be easier than you think. Here’s details showing how we exploited some of the leading sandboxes in the industry. Proofpoint TAP – Background Nearly […]