Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.
Android Hacking for Beginners
Bypass Android security measures to access sensitive data and transfer funds with this step-by-step guide to exploiting vulnerabilities in the Damn Vulnerable…
Offensively Groovy
On a recent red team engagement, I was able to compromise the Jenkins admin user via retrieving the necessary components and decrypting credentials.xml. From…
Spec-tac-ula Deserialization: Deploying Specula with .NET
This post explains how.NET deserialization can be used to backdoor a workstation with Specula, making it a valuable resource for Red Team operations.
Let’s Clone a Cloner - Part 2: You Have No Power Here
Previously on Let's Clone a Cloner, I needed a long-range RFID badge cloner. There are many walkthroughs out there on how to build a cloner that are fantastic,…
Kicking it Old-School with Time-Based Enumeration in Azure
IntroductionYet another user-enumeration method has been identified in Azure. While Microsoft may have disabled Basic Authentication some time ago, we can…
Missing: Data Classification, Part 2 - Looking at System Classification
Recap of Part 1This is the second of a two-part series on Data Classification. The first part spoke to the fact that most security programs grow…
Pull Your SOCs Up
"It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts."-Sir Arthur…
Console Cowboys: Navigating the Modern Terminal Frontier
Master the command line with our top 18 tools, from productivity boosters to system monitors, to streamline your workflow and tackle legacy systems with…
How to Get the Most Out of a Pentest
TL;DRDefine the goal of an assessment.Take time to choose the right assessment type.The more detail you give about an asset, the better quality your report…
Putting Our Hooks Into Windows
We're back with another post about common malware techniques. This time we are talking about setting Windows hooks. This is a simple technique that can be used…
When on Workstation, Do as the Local Browsers Do!
1 IntroductionWeb browsers are common targets for many different APTs. Tools like Redline Malware or penetration testing tools such as SharpChrome or…
Gobbling Up Forensic Analysis Data Using Velociraptor
Lately I have been working with Velociraptor for its endpoint and digital forensic capabilities and specifically spent time in many cases in the past two years…
Android Hacking for Beginners
Bypass Android security measures to access sensitive data and transfer funds with this step-by-step guide to exploiting vulnerabilities in the Damn Vulnerable…
Offensively Groovy
On a recent red team engagement, I was able to compromise the Jenkins admin user via retrieving the necessary components and decrypting credentials.xml. From…
Spec-tac-ula Deserialization: Deploying Specula with .NET
This post explains how.NET deserialization can be used to backdoor a workstation with Specula, making it a valuable resource for Red Team operations.
Let’s Clone a Cloner - Part 2: You Have No Power Here
Previously on Let's Clone a Cloner, I needed a long-range RFID badge cloner. There are many walkthroughs out there on how to build a cloner that are fantastic,…
Kicking it Old-School with Time-Based Enumeration in Azure
IntroductionYet another user-enumeration method has been identified in Azure. While Microsoft may have disabled Basic Authentication some time ago, we can…
Missing: Data Classification, Part 2 - Looking at System Classification
Recap of Part 1This is the second of a two-part series on Data Classification. The first part spoke to the fact that most security programs grow…
Pull Your SOCs Up
"It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts."-Sir Arthur…
Console Cowboys: Navigating the Modern Terminal Frontier
Master the command line with our top 18 tools, from productivity boosters to system monitors, to streamline your workflow and tackle legacy systems with…
How to Get the Most Out of a Pentest
TL;DRDefine the goal of an assessment.Take time to choose the right assessment type.The more detail you give about an asset, the better quality your report…
Putting Our Hooks Into Windows
We're back with another post about common malware techniques. This time we are talking about setting Windows hooks. This is a simple technique that can be used…
When on Workstation, Do as the Local Browsers Do!
1 IntroductionWeb browsers are common targets for many different APTs. Tools like Redline Malware or penetration testing tools such as SharpChrome or…
Gobbling Up Forensic Analysis Data Using Velociraptor
Lately I have been working with Velociraptor for its endpoint and digital forensic capabilities and specifically spent time in many cases in the past two years…