0
Skip to Content
Leviathan Security Group - Penetration Testing, Security Assessment, Risk Advisory
Services
Web Application Penetration Testing
Secure Code Review
Network Penetration Testing
Smart Device and IoT Security Assessment
Vendor Security
Risk Advisory Services
Virtual Chief Information Security Officer (VCISO)
Tabletop Exercises
Programs
Nest Device Access Security Assessment (SDM API)
Cloud Application Security Assessment (CASA)
ADA Mobile Profile
Shopify Partner Program - Technology Track
Research
TunnelVision
Blog
Company
Press Box
Careers
About Us
Privacy policy
Contact Us
Leviathan Security Group - Penetration Testing, Security Assessment, Risk Advisory
Services
Web Application Penetration Testing
Secure Code Review
Network Penetration Testing
Smart Device and IoT Security Assessment
Vendor Security
Risk Advisory Services
Virtual Chief Information Security Officer (VCISO)
Tabletop Exercises
Programs
Nest Device Access Security Assessment (SDM API)
Cloud Application Security Assessment (CASA)
ADA Mobile Profile
Shopify Partner Program - Technology Track
Research
TunnelVision
Blog
Company
Press Box
Careers
About Us
Privacy policy
Contact Us
Folder: Services
Back
Web Application Penetration Testing
Secure Code Review
Network Penetration Testing
Smart Device and IoT Security Assessment
Vendor Security
Risk Advisory Services
Virtual Chief Information Security Officer (VCISO)
Tabletop Exercises
Folder: Programs
Back
Nest Device Access Security Assessment (SDM API)
Cloud Application Security Assessment (CASA)
ADA Mobile Profile
Shopify Partner Program - Technology Track
Folder: Research
Back
TunnelVision
Blog
Folder: Company
Back
Press Box
Careers
About Us
Privacy policy
Contact Us
AWS Cognito Security — Overview
Network Security, Application Security Cody Martin 5/28/25 Network Security, Application Security Cody Martin 5/28/25

AWS Cognito Security — Overview

Discover the hidden security risks in Amazon Cognito with our blog series. Dive into AWS Cognito’s structure, components, and use cases, uncovering new attack vectors and misconfigurations.

Read More
AWS Cognito User Pool — Shared User Pools
Application Security, Network Security Cody Martin 5/23/25 Application Security, Network Security Cody Martin 5/23/25

AWS Cognito User Pool — Shared User Pools

Explore the risks of shared User Pools in AWS Cognito where users from one app can access another, potentially exposing sensitive resources.

Read More
Bypassing SSRF Filters Using r3dir
Application Security Cody Martin 6/21/24 Application Security Cody Martin 6/21/24

Bypassing SSRF Filters Using r3dir

We demonstrate how to use the r3dir tool to bypass some SSRF filters. r3dir is a convenient redirection service made for SSRF filter bypasses.

Read More
WebSockets and Meteor: Attacking Meteor Applications with eighthundredfeet
Application Security, Network Security Cody Martin 4/16/24 Application Security, Network Security Cody Martin 4/16/24

WebSockets and Meteor: Attacking Meteor Applications with eighthundredfeet

A starting point for a comprehensive pen test on any application written using the Meteor framework.  In addition to exploiting some of the framework’s inherent vulnerabilities, it contains a set of classes that can help script a variety of attacks.

Read More
WebSockets and Meteor: A Penetration Tester’s Guide to Meteor
Application Security Cody Martin 4/9/24 Application Security Cody Martin 4/9/24

WebSockets and Meteor: A Penetration Tester’s Guide to Meteor

This post introduces Meteor, a JavaScript framework that makes heavy use of WebSockets, and describes its attack surface and vulnerabilities. 

Read More
WebSockets and Meteor: Introduction to WebSockets for Penetration Testers
Application Security, Network Security Cody Martin 3/26/24 Application Security, Network Security Cody Martin 3/26/24

WebSockets and Meteor: Introduction to WebSockets for Penetration Testers

Most penetration testers know that common web security tools have limited support for WebSocket, but the differences between HTTP and WebSocket run much deeper than that. A successful penetration test on a WebSocket app requires a conceptual understanding of the protocol’s design.

Read More
  • Services

    Application Security

    • Web Application Penetration Testing
    • Secure Code Review

    Network Security

    • Network Penetration Testing

    Risk and Advisory Services

    • VCISO Services
    • Tabletop Exercises

    Hardware Security

    • Smart Device/IoT Security Assessment

    Vendor Security

    • Vendor Security Management Services
  • Programs

    App Defense Alliance

    • Cloud Application Security Assessment (CASA)
    • Mobile Application Security Assessment (MASA)

    Google Programs

    • Nest SDM API Assessment

    Shopify Programs

    • Shopify Partner Program - Technology Track (formerly PCAP)
  • Research
    • TunnelVision
    • LibEvent CVE-2024-31735
  • Blog

    Featured

    TunnelVision (CVE-2024-3661): How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak

    Categories

    • Risk and Advisory Services
    • Application Security
    • Network Security
    • Enterprise Security
    • Hardware Security
    • View All Blog Posts
  • Company
    • Press Box
    • Careers
    • About Us
    • Privacy Policy

Services

Web Application Penetration Testing

Secure Code Review

Network Penetration Testing

VCISO Services

Tabletop Exercises

Smart Device/IoT Security Assessment

Vendor Security Management Services

Programs

Cloud Application Security Assessment (CASA)

Mobile Application Security Assessment (MASA)

Nest SDM API Assessment

Shopify Partner Program - Technology Track

Research

TunnelVision

LibEvent CVE-2024-31735

Blog

Risk Advisory

Application Security

Network Security

Enterprise Security

Hardware Security

View All Blog Posts

Company

Press Box

Careers

About Us

Privacy Policy
Contact Us