Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.
CVE-2025-1729 - Privilege Escalation Using TPQMAssistant.exe
While digging into the internals of my new Lenovo ThinkPad P1 Gen7, I came across an unexpected discovery that quickly escalated from curiosity to a viable…
Abusing Chrome Remote Desktop on Red Team Operations: A Practical Guide
In this post, we’ll be exploring a practical technique for abusing Chrome Remote Desktop (also known as Google Remote Desktop) within a Red Team operation. I…
NIST CSF 2.0 Ratings and Assessment Methodologies for Scorecards – When the Math isn’t “Mathing”
As a Senior Security Consultant and National Institute of Standards and Technology (NIST) expert, the question I get asked the most is, how do we compare…
Attacking JWT using X509 Certificates
Take a closer look at JWT signature verification using X.509 headers as we walk through an attack and demonstrate a Burp extension to exploit a known…
Dragging Secrets Out of Chrome: NTLM Hash Leaks via File URLs
Figure 1 - We take our work very seriously. Capturing Hashes with DragonHashChromium-based browsers have an odd feature set that allows extensive drag-and-drop…
Hunting Deserialization Vulnerabilities With Claude
In this post, we are going to look at how we can find zero-days in .NET assemblies using Model Context Protocol (MCP).SetupBefore we can start vibe hacking, we…
Common Mobile Device Threat Vectors
Mobile devices are a must have in today’s world for communication. With that being said, these devices do come with some risks when it comes to personal data.…
Full Disclosure, GraphGhost: Are You Afraid of Failed Logins?
Another year, another vuln…It's that time again.Last year I disclosed the existence of GraphNinja - a (now fixed) vulnerability in Azure where you could…
Teaching a New Dog Old Tricks - Phishing With MCP
As AI evolves with MCP, can a new “dog” learn old tricks? In this blog, we test Claude AI’s ability to craft phishing pretexts—and just how much effort it…
Apples, Pears, and Oranges: Not All Pentest Firms Are the Same
Penetration testing is not a commodity service. If you are a procurer of penetration tests and have ever received wildly different quotes for the "same"…
AppSec Cheat Sheet: Session Management
Session Management Testing - CookiesThe Cheat Sheet section is for quick reference and to make sure steps don’t get missed.The Learn section is for those who…
Red Team Gold: Extracting Credentials from MDT Shares
When it comes to targeting enterprise deployment infrastructure during a Red Team engagement, SCCM (System Center Configuration Manager) tends to get all the…
Loading...