About three years ago Google Project Zero’s researcher James Forshaw released the excellent DotNetToJScript project (https://github.com/tyranid/DotNetToJScript). If you’re not familiar, it introduced an interesting method to reflectively load a .NET […]
External Service Interaction through DNS or HTTP is one way to identify out-of-band server interaction vulnerabilities (issues where the server will respond to something other than your testing computer). This […]
Overview I was engaged to perform a mainframe penetration test recently. What is a mainframe? Mainframes are high-performance computers with large memory (RAM) and processors that process billions of simple […]
Overview Recently on an internal penetration test engagement I ran into an installation of HP SiteScope. Wikipedia defines HP Sitescope as “agentless monitoring software focused on monitoring the availability and performance of […]
While researching daycare software online we identified multiple providers / companies that offered daycare software. In this instance we looked at an application that was configured worse than the first […]
MouseJack, originally discovered by Bastille, is a vulnerability that affects many wireless (non-Bluetooth) keyboards and mice. An attacker is able to utilize a USB radio device, available for less than […]
I recently purchased a used vehicle from a local dealership, and so far, so good! The Chevy Cruze works as expected: the tires all are round, and I have not […]
I LOVE security testing. There, I said it. Penetration Testing, Red Teaming, Threat Emulation… I LOVE it all. Looking at a system, learning about the individual components, understanding how they […]
This is a story from one of our more recent Red Team engagements and what we did after gaining access to the target client’s environment. We breached the client’s perimeter […]
Our Red Team engagements generally start out as technical as possible. We start with OSINT and some light perimeter scanning to identify both human and technical targets, but we only […]
