During the course of a Red Team exercise serveral QA assets where discovered. In particular the usage of the Selenium Grid platform without authentication caught the team's attention. The aim for this article is to explain how a QA platform exposed to the internet, Selenium Grid in this particular situation, can be used in a Red Team exercise. Introduction Selenium based platforms are mainly based on two components: a hub and several nodes. The hub is the main server which all the other machines (nodes) subscribe to in order to receive all the configuration needed for running a selenium session and performing automated tests. For executing the mentioned tests, each node instantiates browsers on demand using given parameters. From a ...