Conditional Access is one of Microsoft’s most powerful security features and the central engine for their zero trust architecture. https://danielchronlund.com/2022/01/07/the-attackers-guide-to-azure-ad-conditional-access/
Continue readingMonth: January 2023
IIS Crypto
IIS Crypto allows you to create your own custom templates which can be saved and then executed on multiple servers. To create your own template, select all of the settings for your configuration. Click on …
Continue readingWeb Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More
During the fall of 2022, a few friends and I took a road trip from Chicago, IL to Washington, DC to attend a cybersecurity conference and (try) to take a break from our usual computer …
Continue readingNew AMSI Bypass Using CLR Hooking
In this article, I will present a new technique to bypass Microsoft’s Anti-Malware Scan Interface (AMSI) using API Call Hooking of CLR methods. https://practicalsecurityanalytics.com/new-amsi-bypass-using-clr-hooking/
Continue readingSponsor j3ssie/Osmedeus
What is Osmedeus? Osmedeus allows you automated run the collection of awesome tools to reconnaissance and vulnerability scanning against the target. Next generation version? Enjoying this tool? Support it’s development and take your game to …
Continue readingWeb Security Academy
This cross-site scripting (XSS) cheat sheet contains many vectors that can help you bypass WAFs and filters. You can select vectors by the event, tag or browser and a proof of concept is included for …
Continue reading