Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.

Social Engineering Basics: How to Win Friends and Infiltrate Businesses
Understanding social engineering tactics and how to defend against physical breaches, with expert insights to enhance security awareness and employee…

Object Overloading: A Novel Approach to Sneaking Malicious DLLs into Windows Processes
Load arbitrary code into Windows processes using Object Overloading, a technique exploiting Windows' ProcessDeviceMap, for DLL hijacking and post-exploitation.

I’m bringing relaying back: A comprehensive guide on relaying anno 2022
Learn how to exploit broadcast protocols and coerced authentication to gain unauthorized access to networks and systems, with a comprehensive guide to NTLM…

WMI for Script Kiddies
Use WMI to easily access and manage system data, with tools like Wmic.exe, WBEM tester tool, CIM Studio, WinRM tool, and PowerShell, allowing for remote and…

SeeYouCM-Thief: Exploiting Common Misconfigurations in Cisco Phone Systems
As a penetration tester, exploiting plaintext credentials in Cisco phone configurations can lead to a foothold in the Active Directory environment, making this…

Real or Fake? Spoof-Proofing Email With SPF, DKIM, and DMARC
This in-depth guide helps organizations prevent email spoofing by setting up Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based…

Real or Fake? How to Spoof Email
Learn how email spoofing works, its dangers, and how to prevent it with advanced tools like SPF, DKIM, and DMARC, to keep your organization's email accounts…

An 'Attack Path' Mapping Approach to CVEs 2021-42287 and 2021-42278
Detect and prevent Windows attack paths using Splunk SPL queries for proactive and reactive defensive operations, including creating new computer accounts,…

Log4j Detection and Response Playbook
Prevent and detect Apache Log4j vulnerability with proactive scanning, patching, and monitoring to protect against remote code execution attacks.

Hacking the My Arcade Contra Pocket Player - Part I
Intro I was at my local Target recently and spotted the section near the video games, where there were some little collectable arcade systems and handhelds…

Persistence Through Service Workers-Part 3: Easy JavaScript Payload Deployment
In "Persistence Through Service Workers—PART 2: C2 Setup and Use," we demonstrated setting up the Shadow Workers C2 server and how to add both the service…

How we’re making sense of CMMC 2.0
On November 5, 2021, the Office of the Secretary for the Department of Defense produced a document outlining updates for the Cybersecurity Maturity Model…
