Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.
Discovering a Deserialization Vulnerability in LINQPad
Like most red teamers, I spend quite a lot of time looking for novel vulnerabilities that could be used for initial access or lateral movement. Recently, my…
A 5-Minute Guide to HTTP Response Codes
If you've done any network scanning or application testing, you've run into your fair share of HTTP response codes. If not, these codes will show up in most…
Attacking JWT with Self-Signed Claims
JSON Web Tokens (JWTs) are a widely used format for applications and APIs to pass authorization information. These tokens often use a JSON Web Signature (JWS)…
EKUwu: Not just another AD CS ESC
Update November 12, 2024 - This vulnerability has been patched. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49019This post was originally…
Detecting CVE-2020-0688 Remote Code Execution Vulnerability on Microsoft Exchange Server
In February 2020, Microsoft released a patch for all versions of the Microsoft Exchange server. This patch fixes a Remote Code Execution flaw that allows an…
Android Hacking for Beginners
1.1 Prerequisites Set Up an Android Lab: https://www.trustedsec.com/blog/set-up-an-android-hacking-lab/ Burp Suite: https://portswigger.net/burp DVBA…
Offensively Groovy
On a recent red team engagement, I was able to compromise the Jenkins admin user via retrieving the necessary components and decrypting credentials.xml. From…
Spec-tac-ula Deserialization: Deploying Specula with .NET
Earlier this year, I gave a talk at Steelcon on .NET deserialization and how it can be used for Red Team ops. That talk focused on the theory of .NET…
Let’s Clone a Cloner - Part 2: You Have No Power Here
Previously on Let's Clone a Cloner, I needed a long-range RFID badge cloner. There are many walkthroughs out there on how to build a cloner that are fantastic,…
Kicking it Old-School with Time-Based Enumeration in Azure
IntroductionYet another user-enumeration method has been identified in Azure. While Microsoft may have disabled Basic Authentication some time ago, we can…
Missing: Data Classification, Part 2 - Looking at System Classification
Recap of Part 1This is the second of a two-part series on Data Classification. The first part spoke to the fact that most security programs grow…
Pull Your SOCs Up
"It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts."-Sir Arthur…
Loading...