Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.
The Tale of the Lost, but not Forgotten, Undocumented NetSync: Part 2
Discover early indicators and controls to detect NetSync attacks, a technique used by offensive operators to compromise machine accounts and steal credentials.
The Tale of the Lost, but not Forgotten, Undocumented NetSync: Part 1
Learn how NetSync exploits machine account hashes in Active Directory, a vulnerability that can be leveraged by attackers to capture NTLM hashes, enabling…
Intro to Web App Security Testing: Logging
Detailed logging of penetration testing activities is crucial for accuracy and precision, allowing demonstration of actions and times throughout the…
Setting the ‘Referer’ Header Using JavaScript
Control the Referer header in JavaScript using a simple trick to bypass security controls and create malicious requests.
Azure Account Hijacking using mimikatz’s lsadump::setntlm
Senior security researcher Carlos Perez reveals a hybrid Office 365 attack method using Mimikatz to gain domain admin access and hijack user accounts,…
MacOS Injection via Third-Party Frameworks
Discover how to bypass MacOS process injection restrictions using.NET Core, Electron, and third-party frameworks, allowing for stealthy code execution within…
Weaponizing Group Policy Objects Access
Use Group Policy to pull down a file from your attack machine to Domain Controllers, leveraging client-side extensions and Admin Tool Extensions to bypass GPO…
Making EDR Work for PCI
Improve overall security posture with a single, centrally managed EDR/ATP solution, reducing software costs and supporting complex enterprise license…
Fuzzing the Front End!
Fuzz client-side components of Single Page Applications (SPAs) with a custom Ruby script for efficient testing and automation, leveraging tools like Burp and…
SMS Phish - An Incident Walkthrough
Justin Vaicaro analyzes a Cash App-based SMS phish attack, providing steps to analyze the phish site, set up OPSEC, and defend against such attacks,…
So, You Got Access to a *nix system… Now What?
As a pentester, learn how to exploit and access Unix-like systems, including identifying vulnerabilities, mounting NFS shares, and using LOLbins to navigate…
Red Teaming With Cobalt Strike – Not So Obvious Features
Oddvar Moe shares his Cobalt Strike experiences, covering GUI tips, web log usage, Sync Files, profiles, and more, to help improve skills in becoming a better…
Loading...