The power of our XSS cheat sheet is we get fantastic contributions from the web security community and this update is no exception. We had valuable contributions from Mozilla to remove events that no https://portswigger.net/research/new-exotic-events-in-the-xss-cheat-sheet
Continue readingRed Team Chronicles: Your trash my treasure
What happens when hackers need to get creative? This month’s edition of The Red Team Chronicles looks at a story from Jason Haddix who needed to get thrifty with his team to get access to …
Continue readingSecurity and Ten Laws of Technology
There are many well known, so called, laws of technology. Moore’s law being particularly emblematic. Let’s look at some of them and see what the security implications have been for each and what might further …
Continue readingBaldur
This post highlights why it is crucial to always push for white-box assessments during your security engagements. By comparing results and time invested in discovering various bug classes, it becomes evident that white-box consistently outperforms …
Continue readingFalconForceTeam/SOAPHound
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol. – GitHub – FalconForceTeam/SOAPHound: SOAPHound is a custom-developed .NET data …
Continue readingS1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory. – GitHub – S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory. https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
Continue readingRansomware-Bericht: Immer weniger Opfer zahlen Lösegeld
Sicherheitsforscher zeigen aktuelle Trends bei Verschlüsselungstrojanern auf. Unter anderem schrumpfen die Summen von Lösegeldern. Verschlüsselungstrojaner sind nach wie vor eine der größten Bedrohungen für IT-Systeme von Unternehmen. https://www.heise.de/news/Ransomware-Bericht-Immer-weniger-Opfer-zahlen-Loesegeld-9613134.html
Continue readingWindows 11, version 23H2 security baseline
Microsoft is pleased to announce the release of the security baseline package for Windows 11, version 23H2! Please download the content from the Microsoft Security Compliance Toolkit, test the recommended configurations, and customize / implement …
Continue readingWeb AppSec Interview Questions
The following web application security questions and answers (mostly focused on web app hacking) are part of a series from my social media. The answers are hidden by default so you can practice answering them …
Continue readingConditional Access – Common Microsoft 365 Security Mistakes Series
Conditional Access (CA) is front and center of any attempt to secure Microsoft 365. https://campbell.scot/conditional-access-common-microsoft-365-security-mistakes-series/
Continue reading