BLOG

Citrix ADC (Netscaler ADC) Multi-Factor Bypass

By Kendall Rusco / October 26, 2020

While working with a client, VDA engineers encountered an interesting circumstance that allowed for the bypassing of Multi-factor Authentication for users who had already set this up on their accounts. This particular misconfiguration/vulnerability was possible due to the way Citrix ADC (formerly NetScaler ADC) handles user authentication. How does it work? Upon initial login attempts…


BurpSuite Pro Extensions: Some Favorites

By madwire / May 8, 2020

Part of our internal mentoring and training culture at VDA includes Lunch and Learn events where engineers share helpful information about a relevant security topic. This past week, several of us discussed our favorite BurpSuite extensions, which are helpful additions during our various AppSec or IoT assessments. Extensions can be added to BurpSuite Pro by…


Low-Hanging Fruit Series: Permissions

By Kendall Rusco / November 7, 2019

At VDA Labs we work with a variety of companies both large and small. During our engagements, we see many of the same reoccurring issues that allow us access to systems. To help combat these threats, VDA is starting a blog series we are calling “Low-Hanging Fruit”. Throughout this series we will be talking about…


Low-Hanging Fruit Series: Multi-Factor Authentication (MFA)

By Kendall Rusco / October 31, 2019

At VDA Labs we work with a variety of companies both large and small. During our engagements, we see many of the same reoccurring issues that allow us access to systems. To help combat these threats, VDA Labs is starting a blog series we are calling “Low-Hanging Fruit”. Throughout this series VDA will be…
