We share our expertise to make the world a safer place.
InfoSec moves at a rapid pace and sometimes it’s hard to keep up—that’s where we enter the chat.

Discover current cybersecurity insights
Get vital information straight from the experts, without all the noise.

HIPAA, HITECH, and HITRUST - It’s HI Time to Make Sense of it All
Organizations in the health care sector and those that work with it often hear about HIPAA, HITECH, and HITRUST compliance but may not understand what they all…

Azure's Front Door WAF WTF: IP Restriction Bypass
The Azure Front Door Web Application Firewall (WAF) has an "IP restriction" option that can be bypassed with the inclusion of an HTTP header. What's worse?…

CVE-2025-1729 - Privilege Escalation Using TPQMAssistant.exe
While digging into the internals of my new Lenovo ThinkPad P1 Gen7, I came across an unexpected discovery that quickly escalated from curiosity to a viable…

Security Noise - Episode 7.19
Hacker Culture: The Self Modifying Code

Abusing Chrome Remote Desktop on Red Team Operations: A Practical Guide
In this post, we’ll be exploring a practical technique for abusing Chrome Remote Desktop (also known as Google Remote Desktop) within a Red Team operation. I…

Dialing Into Deception: A Social Engineer's Playbook for Voice-Based Attacks
Join Targeted Operations Practice Lead Jason Lang and Senior Security Consultant David Boyd as they walk through different aspects of social engineering and…

NIST CSF 2.0 Ratings and Assessment Methodologies for Scorecards – When the Math isn’t “Mathing”
As a Senior Security Consultant and National Institute of Standards and Technology (NIST) expert, the question I get asked the most is, how do we compare…

Attacking JWT using X509 Certificates
Take a closer look at JWT signature verification using X.509 headers as we walk through an attack and demonstrate a Burp extension to exploit a known…

Security Noise - Episode 7.18
This week on Security Noise, we are hacking with AI! Listen as we discuss how AI can accelerate workflows, the pros and cons of using automation in penetration…

Dragging Secrets Out of Chrome: NTLM Hash Leaks via File URLs
Drag a file, leak a hash. Learn how Chrome’s drag-and-drop API lets web apps initiate complex actions...and with some social engineering, it can also trigger…

Hunting Deserialization Vulnerabilities With Claude
In this post, we are going to look at how we can find zero-days in .NET assemblies using Model Context Protocol (MCP). Setup: Before we can start vibe hacking, we…

Common Mobile Device Threat Vectors
Mobile devices are a must-have in today’s world for communication. With that being said, these devices do come with some risks when it comes to personal data.…
