PEN Consultants Logo
Don’t Be a Victim: Find your weaknesses before the criminals do. PEN Consultants can help!

Month: August 2021


Responsible Vulnerability Disclosure

An ongoing responsible (but frustrating) vulnerability disclosure with a well-known cybersecurity vendor. After reading through this, please leave your feedback at one of the following polls: The vulnerability risk scores somewhere between a 4.0 and 4.2 on a CVSS calculation (ex., so not a huge deal. We could certainly develop a working PoC (with time), […]


User Enumeration vs Password Spraying

What do you call a User Enumeration attack against a login service (i.e. username + password)? Based on recent polling (Source_1, Source_2), it would appear our industry peers call this a password spray attack (by a 3-to-1 margin), despite the purpose clearly being for user enumeration. This article will explain why we are taking a minority […]