We’ve Been Hacked By Mice!
MouseJack, originally discovered by Bastille, is a vulnerability that affects many wireless (non-Bluetooth) keyboards and mice. An attacker is able to utilize a USB radio device, available for less than […]
Tactical Insights
Tales From The Red Team: Deploying Kali in Containers in Your Cloud
This is a story from one of our more recent Red Team engagements and what we did after gaining access to the target client’s environment. We breached the client’s perimeter […]
Tales From The Red Team: What the Heck is Virgo?
Our Red Team engagements generally start out as technical as possible. We start with OSINT and some light perimeter scanning to identify both human and technical targets, but we only […]
(Very Simple) Checkout Manipulation Fun with PayPal
Many small businesses (and to be fair, several large businesses as well) use an external vendor to handle their checkout process. There may be many reasons to do so, such […]
Gone in 60 Mobile Apps – part 2
This series of posts is in no way showcases a full penetration test, which does a much deeper dive into an application’s risks and utilizes many more tools and manual […]
BlazeDS Java Object Deserialization Exploit Walkthrough
During a recent internal network penetration test, we saw indications that an Adobe ColdFusion host was vulnerable to the BlazeDS Java Object Deserialization exploit. After performing some research, I couldn’t […]
Gone In 60 Mobile Apps – part 1
This series of posts is in no way showcases a full penetration test, which does a much deeper dive into an application’s risks and utilizes many more tools and manual […]