Browse our blogs
We cover it all in The Security Blog. Discover what you’ve been looking for.

Tech Brief - Citrix Bleed Abused by Ransomware Crews
Protect against Citrix Bleed ransomware attacks with our expert guidance on identifying vulnerabilities, developing detections, and improving incident response…

The SOCKS We Have at Home
Use OpenSSH to pivot through networks without complex tools, leveraging Windows 10 and Server 2019's default installation, and easily set up a bind shell for…

What is Hackvertor (and why should I care)?
What’s Hackvertor and why should I care? Years ago, Gareth Heyes created a Burp Suite (Burp) extension called Hackvertor. It’s an extension with a lot of…

Clickjacking: Not Just for the Clicks
Learn how to exploit drag-input clickjacking vulnerabilities in web applications to perform malicious actions, and see a proof-of-concept demonstration of this…

Book Review - The Definitive Guide to PCI DSS Version 4
As a PCI QSA, I have answered numerous questions about the new PCI DSS Version 4. With over 500 total controls, and at least 100 of them unique to this version,…

The Triforce of Initial Access
Unlock the power of Microsoft Office with the ultimate Red Teaming toolkit, leveraging Evilginx, ROADtools, TeamFiltration, and Bobber to gain unparalleled…

JS-Tap: Weaponizing JavaScript for Red Teams
Red teamers can use JS-Tap to collect user inputs, screenshots, and network data from web applications without prior knowledge, simplifying red teaming and…

A Hitch-hacker's Guide to DACL-Based Detections (Part 3)
Configuring a SACL to prevent unauthorized changes to Active Directory attributes, enabling auditing and monitoring for potential attacks, and detecting…

A Hitch-hacker's Guide to DACL-Based Detections (Part 2)
This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz. 1 Introduction: This is a continuation of A…

A Hitch-hacker's Guide to DACL-Based Detections (Part 1B)
Detecting Windows SACL…

A Hitch-hacker's Guide to DACL-Based Detections (Part 1A)
blue team

Basic Authentication Versus CSRF
I was recently involved in an engagement where access was controlled by Basic Authentication. One (1) of the findings I discovered was a Cross-Site Request…