Lockpicking: Wafer Lock, AMA – Part 2
Wafer locks are simple at heart, they try as best they can to protect the assets of their owners. With a little careful skill, they can be cajoled into handing […]
Blog
VMware Authentication Bypass Zero Day Alert
VMware has issued an advisory (VMSA-2023-0026) for an authentication bypass vulnerability (CVE-2023-34060) against its VMware Cloud Director Appliances. The vulnerability is rated critical with a 9.8 out of 10 CVSS severity […]
Flying Under The Radar – An Introductory Guide To Bypassing Microsoft Defender For Identity Detections
Bypassing Microsoft Defender For Identity Detections On a few recent internal penetration tests, I found common tools and techniques for Active Directory attacks being detected by Microsoft Defender for Identity […]
Maximizing Red Team Engagement Potential
Red Team, Take Two: Insights From Both The Consultant & The Executive – Presentation Join us at the 2023 Cyber Security Summit in Minneapolis, MN! We presented this material live […]
Pivoting VPN Process Tunneling: Ligolo-ng
Network Pivoting Via VPN Process Tunneling With Ligolo-ng In this tutorial, we will be using Ligolo-ng to quickly establish a network pivot point that can easily relay reverse shells and […]
Lockpicking: Legal Whims & Tumbling Pins – Part 1
Lockpicking is a practical skill that serves various purposes: from helping someone who’s locked themselves out of their house, to a challenging and engaging sport pursued by enthusiasts all around […]
GraphQL APIs & Enumeration Basics
This blog post serves as an introduction to GraphQL. We will shine light on how the query language functions and some basic security considerations, as well as tools and techniques […]
Find What Sparks Joy In Your Burp Suite Proxy History With Subtractive Scoping
Improving Quality-Of-Life With Simple Burp Suite Extensions (Part Two) The “right tool for the job” isn’t always the perfect tool for the job, and if you have been using Burp […]
New Burp Suite Extension Blows Your SOCKS Off
Improving Quality-Of-Life With Simple Burp Suite Extensions (Part One) If you have been using Burp Suite for a while, you probably have some ideas for small features or tweaks to […]
OSINT Challenge: Gralhix Challenge 005
This blog will focus on solving an OSINT (Open-Source Intelligence) challenge put out by Sofia Santos (“Gralhix”), a very skilled OSINT practitioner and contributor at the Center for Information Resilience […]