Hello darkness, my old friend. We’re back after quite the long hiatus with another entry in the Deception in Depth series, since then I’ve changed roles from the lead on the deception project at $Employer to the Red Team (I’ve mentioned this in a few posts before, I think.
Continue readingHow Google Does It: Using threat intelligence to uncover and track cybercri
One of the GTIG teams was able to investigate the malware in concert with our cybercrimes investigations group, and the legal litigation team was able to take civil action against the CryptBot malware distributors.
Continue readingPEASS-ng/linPEAS/README.md at master · peass-ng/PEASS-ng · GitHub
LinPEAS is a script that search for possible paths to escalate privileges on Linux/Unix*/MacOS hosts. The checks are explained on book.hacktricks.xyz Check the Local Linux Privilege Escalation checklist from book.hacktricks.xyz.
Continue readingStressed Testing: Practical Operational Resilience
Operational resilience is a concept that has gained even further traction. It first came to prominence from financial regulators, in particular the Bank of England and then others.
Continue readingSoaPy: Stealthy enumeration of Active Directory environments through ADWS
Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions.
Continue readingonwebkitplaybacktargetavailabilitychanged?! New exotic events in the XSS cheat sheet
The power of our XSS cheat sheet is we get fantastic contributions from the web security community and this update is no exception. We had valuable contributions from Mozilla to remove events that no https://portswigger.net/research/new-exotic-events-in-the-xss-cheat-sheet
Continue readingRed Team Chronicles: Your trash my treasure
What happens when hackers need to get creative? This month’s edition of The Red Team Chronicles looks at a story from Jason Haddix who needed to get thrifty with his team to get access to …
Continue readingSecurity and Ten Laws of Technology
There are many well known, so called, laws of technology. Moore’s law being particularly emblematic. Let’s look at some of them and see what the security implications have been for each and what might further …
Continue readingBaldur
This post highlights why it is crucial to always push for white-box assessments during your security engagements. By comparing results and time invested in discovering various bug classes, it becomes evident that white-box consistently outperforms …
Continue readingFalconForceTeam/SOAPHound
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Directory Web Services (ADWS) protocol. – GitHub – FalconForceTeam/SOAPHound: SOAPHound is a custom-developed .NET data …
Continue reading