Pentest Research

Research projects

We invest significant time in security research projects, honing and developing skills which allow our consultants to deliver the best possible results.

Take a look at our latest research projects below.

iOS Mobile Application Security | Pentest Limited

iOS Mobile Application Security – What Does Your Attack Surface Look Like?

Android Security Exposure | Pentest Limited

Android Mobile Application Security – Understanding Your Exposure

Researching Remote Procedure Call (RPC) vulnerabilities

Android Root Detection Bypass using Frida (Part 3 – OWASP Uncrackable 3)

Android Root Detection Bypass using Frida (Part 2 – RootBeer Sample)

Android Root Detection Bypass using Frida (Part 1 – OWASP Uncrackable 1)

Reflected XSS Vulnerability – SoPlanning | Pentest Limited

Reflected XSS Vulnerability – SoPlanning

XSS to Account Takeover – SoPlanning | Pentest Limited

XSS to Account Takeover – SoPlanning

Time-based Blind SQL Injection – SoPlanning | Pentest Limited

Time-based Blind SQL Injection – SoPlanning

Boolean-based Blind SQL Injection - SoPlanning | Pentest Limited

Boolean-based Blind SQL Injection – SoPlanning

Leveraging XSS to get RCE in Textpattern 4.8.7 | Pentest Limited

Leveraging XSS to get RCE in Textpattern 4.8.7

Multiple Vulnerabilities in OpenCMS 11.0.2 | Pentest Limited

Multiple Vulnerabilities in OpenCMS 11.0.2

Exploiting OpenCMS 11.0.2 using ClickJacking | Pentest Limited

Exploiting OpenCMS 11.0.2 using ClickJacking

Leveraging XSS to get RCE in OpenCMS 11.0.2 | Pentest Limited

Leveraging XSS to get RCE in OpenCMS 11.0.2

Authentication Bypass - Fedena School Management Software (CVE-2021-27980) | Pentest Limited

Authentication Bypass – Fedena School Management Software (CVE-2021-27980)

Multiple Vulnerabilities in Fedena 2.3 School Management | Pentest Limited

Multiple Vulnerabilities in Fedena 2.3 School Management Software

The (Remote) Road to Pwn2Own Tokyo 2020 | Pentest Limited

The (Remote) Road to Pwn2Own Tokyo 2020

Drupal 8 Remote Code Execution by estimating installation time of site (CVE-2020-13664) | Pentest Limited

Drupal 8 Remote Code Execution by estimating installation time of site (CVE-2020-13664)

A subtle stored-XSS in WordPress core (CVE-2020-4046) | Pentest Limited

A subtle stored-XSS in WordPress core (CVE-2020-4046)

I Like to Watch – Hack-A-Sat CTF Challenge Solution

RCE in WordPress Elementor Plugin (CVE-2020-7055) | Pentest Limited

RCE in WordPress Elementor Plugin (CVE-2020-7055)

Cross-Site Scripting (XSS) in GistPress WordPress Plugin (CVE-2020-8498) | Pentest Limited

Cross-Site Scripting (XSS) in GistPress WordPress Plugin (CVE-2020-8498)

Latest insights

Pentest Pwn2Own Toronto success 2023 banner

Success at Pwn2Own Toronto 2023

Rethink Cybersecurity Wisdom | Pentest

Rethinking Cybersecurity Wisdom

Is it time to re-evaluate phishing education | Pentest Limited

Is it time to re-evaluate phishing education?

Looking for more than just a test provider?

Get in touch with our experienced team and find out more about how we can help you obtain the information security confidence you require.

/contact Us

/connect

/services

/about

/links

Pentest Limited is registered in England and Wales with company number 11925182

Registered address: 22 Great James Street, London, WC1N 3ES

VAT registration No: 331802826

© 2019 - Present. Pentest Limited. All rights reserved.