Blog

LLM Supercharged Our Penetration Testing

We’ve always believed that penetration testing isn’t just about running scanners and checking boxes. It’s about thinking like an attacker — anticipating logic flaws, chaining vulnerabilities, and uncovering what automated tools miss. The Challenge: A “Secure” API Endpoint A Toronto-based fintech client came to us with an API they believed was hardened. They had: Our

Bypassing File Upload Restrictions We Once Thought Were Unbreakable

File upload vulnerabilities are among our most frequently discovered attack surfaces — and also some of the most frustrating to exploit. Clients often believe they’ve “secured” their upload functionality with basic checks: file extension filtering, MIME-type validation, size limits, and antivirus scanning. But in 2026, we’ve found that AI is rewriting the rules of how these restrictions

How AI Transformed Our Penetration Testing Approach

We’ve always prided ourselves on delivering thorough, manual penetration tests that uncover vulnerabilities automated scanners often miss. But in early 2025, we began integrating AI-assisted exploitation techniques into our engagements — and the results have been nothing short of revolutionary. The Problem: Manual Testing Bottlenecks Traditional pen testing workflows involve hours spent manually exploring attack

Brute Forcing MFA Codes: Unveiling a Vulnerability That Threatens Authentication Security

Multi-Factor Authentication (MFA) has become a crucial defense against unauthorized access to user accounts and sensitive data. However, as with any security measure, vulnerabilities can arise, exposing potential weaknesses in the system. In this blog post, we will delve into a specific vulnerability that allows attackers to bypass MFA by brute forcing MFA codes. Understanding
