Cobalt.io VS BeEF

I would be tempted to say yes. It's important to keep in mind that most tech companies out there don't have a giant budget and 1000 employees so they often can't afford a red team. This in turn creates a big demand for external contractors such as Cobalt. I personally, however, prefer to work for the company itself rather than being a contractor as it lets me not only find the problem, but help them fix the issue. Source: over 1 year ago

Cobalt.io | Multiple roles | Remote, US, Germany | Full-time | https://cobalt.io Cobalt helps secure hundreds of leading companies (GoDaddy, HubSpot) by connecting them with on-demand pentesting experts. Our application brings both sides together to identify, triage and fix vulnerabilities. Seven years and over 20K commits later, our technology has been battle tested by thousands of users. We’re a rapidly growing... - Source: Hacker News / almost 3 years ago

Imagine this you would be an ex-blue team member looking to join red team to fight against the blue team. Don't let your passion for Offsec red teaming die, keep building those skills on the side there are many many opportunities to do so! I would recommend to check out places like cobalt.io or Synack red team to kind of get part time red teaming experience if you really are that driven. (Would make for a... Source: about 3 years ago

Cobalt.io | Multiple roles | Remote, US, Germany | Full-time | https://cobalt.io Today, Cobalt helps secure hundreds of leading companies (GoDaddy, HubSpot) by connecting them with on-demand pentesting experts. Our application brings both sides together to identify, triage and fix vulnerabilities. Seven years and 20K commits later, our technology has been battle tested by thousands of users. What’s next? Cobalt is... - Source: Hacker News / about 3 years ago

Ha, fun to see this again! Back before everything was HTTPS, it was fun to use the Browser Exploitation Framework (https://beefproject.com) which had a script included that did this. Though in those cases I wasn't in control of the gateway, so ARP spoofing was required to get other devices to route through me. - Source: Hacker News / about 2 months ago

For example IOS WebKit has a bunch of vulnerabilities announced recently. And one of those could be used via the Browser Exploitation Framework to install malware on your phone with you just clicking the link. Source: 5 months ago

Motivation is a key part, so those attacks are more theoretical than practically dangerous, however there is a class of attacks that's based on the fact that your browser can make arbitrary network connections, so unprivileged javascript can be used for some scans of your local network - for example, your router's internally accessible admin page or some vulnerability in a printer accessible in local network, as... Source: 10 months ago

This is something that kind of annoys me; there's even a /r/rails sub-reddit specifically for Ruby on Rails stuff. Understandably Rails helped put Ruby on the map. Before Rails, Ruby was just another fringe language. Rails became massively popular, helped many startups quickly build their Web 2.0 sites, and become successful companies (ex: GitHub, LinkedIn, AirBnB, etc). Like others have said, "Rails is where the... Source: 12 months ago

If you can open any webpage there then I would recommend using BeEF https://beefproject.com/. Source: about 1 year ago