0
Skip to Content
Leviathan Security Group - Penetration Testing, Security Assessment, Risk Advisory
Services
Web Application Penetration Testing
Secure Code Review
Network Penetration Testing
Smart Device and IoT Security Assessment
Vendor Security
Risk Advisory Services
Virtual Chief Information Security Officer (VCISO)
Tabletop Exercises
Programs
Nest Device Access Security Assessment (SDM API)
Cloud Application Security Assessment (CASA)
ADA Mobile Profile
Shopify Partner Program - Technology Track
Research
TunnelVision
Blog
Company
Press Box
Careers
About Us
Privacy policy
Contact Us
Leviathan Security Group - Penetration Testing, Security Assessment, Risk Advisory
Services
Web Application Penetration Testing
Secure Code Review
Network Penetration Testing
Smart Device and IoT Security Assessment
Vendor Security
Risk Advisory Services
Virtual Chief Information Security Officer (VCISO)
Tabletop Exercises
Programs
Nest Device Access Security Assessment (SDM API)
Cloud Application Security Assessment (CASA)
ADA Mobile Profile
Shopify Partner Program - Technology Track
Research
TunnelVision
Blog
Company
Press Box
Careers
About Us
Privacy policy
Contact Us
Folder: Services
Back
Web Application Penetration Testing
Secure Code Review
Network Penetration Testing
Smart Device and IoT Security Assessment
Vendor Security
Risk Advisory Services
Virtual Chief Information Security Officer (VCISO)
Tabletop Exercises
Folder: Programs
Back
Nest Device Access Security Assessment (SDM API)
Cloud Application Security Assessment (CASA)
ADA Mobile Profile
Shopify Partner Program - Technology Track
Folder: Research
Back
TunnelVision
Blog
Folder: Company
Back
Press Box
Careers
About Us
Privacy policy
Contact Us
AWS Cognito Security — Overview
Network Security, Application Security Cody Martin 5/28/25 Network Security, Application Security Cody Martin 5/28/25

AWS Cognito Security — Overview

Discover the hidden security risks in Amazon Cognito with our blog series. Dive into AWS Cognito’s structure, components, and use cases, uncovering new attack vectors and misconfigurations.

Read More
AWS Cognito User Pool — Shared User Pools
Application Security, Network Security Cody Martin 5/23/25 Application Security, Network Security Cody Martin 5/23/25

AWS Cognito User Pool — Shared User Pools

Explore the risks of shared User Pools in AWS Cognito where users from one app can access another, potentially exposing sensitive resources.

Read More
UEFI is the new BIOS
Hardware Security, Application Security Cody Martin 9/23/24 Hardware Security, Application Security Cody Martin 9/23/24

UEFI is the new BIOS

Learn about UEFI reverse engineering and exploit development so that you too can build the skills necessary to find and exploit UEFI bugs, understand common UEFI vulnerabilities, and better secure the firmware security supply chain.

Read More
The Unexpected Benefits of Threat Modeling
Application Security, Network Security, Risk Advisory, Enterprise Security, Hardware Security Cody Martin 8/5/24 Application Security, Network Security, Risk Advisory, Enterprise Security, Hardware Security Cody Martin 8/5/24

The Unexpected Benefits of Threat Modeling

Threat modeling is a disciplined approach to technology design that identifies security threats and design constraints to prevent security flaws before they manifest in your platform.

Read More
Bypassing SSRF Filters Using r3dir
Application Security Cody Martin 6/21/24 Application Security Cody Martin 6/21/24

Bypassing SSRF Filters Using r3dir

We demonstrate how to use the r3dir tool to bypass some SSRF filters. r3dir is a convenient redirection service made for SSRF filter bypasses.

Read More
CVE-2024-31735: LibEvent Library Memory Leak
Application Security Cody Martin 6/6/24 Application Security Cody Martin 6/6/24

CVE-2024-31735: LibEvent Library Memory Leak

A memory leak in the LibEvent Library v2.1.12-stable allows an attacker to cause a denial of service (DoS).

Read More
Older Posts
  • Services

    Application Security

    • Web Application Penetration Testing
    • Secure Code Review

    Network Security

    • Network Penetration Testing

    Risk and Advisory Services

    • VCISO Services
    • Tabletop Exercises

    Hardware Security

    • Smart Device/IoT Security Assessment

    Vendor Security

    • Vendor Security Management Services
  • Programs

    App Defense Alliance

    • Cloud Application Security Assessment (CASA)
    • Mobile Application Security Assessment (MASA)

    Google Programs

    • Nest SDM API Assessment

    Shopify Programs

    • Shopify Partner Program - Technology Track (formerly PCAP)
  • Research
    • TunnelVision
    • LibEvent CVE-2024-31735
  • Blog

    Featured

    TunnelVision (CVE-2024-3661): How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak

    Categories

    • Risk and Advisory Services
    • Application Security
    • Network Security
    • Enterprise Security
    • Hardware Security
    • View All Blog Posts
  • Company
    • Press Box
    • Careers
    • About Us
    • Privacy Policy

Services

Web Application Penetration Testing

Secure Code Review

Network Penetration Testing

VCISO Services

Tabletop Exercises

Smart Device/IoT Security Assessment

Vendor Security Management Services

Programs

Cloud Application Security Assessment (CASA)

Mobile Application Security Assessment (MASA)

Nest SDM API Assessment

Shopify Partner Program - Technology Track

Research

TunnelVision

LibEvent CVE-2024-31735

Blog

Risk Advisory

Application Security

Network Security

Enterprise Security

Hardware Security

View All Blog Posts

Company

Press Box

Careers

About Us

Privacy Policy
Contact Us