CodePenetration Testing
August 23, 2017

sRDI – Shellcode Reflective DLL Injection

During our first offering of "Dark Side Ops II - Adversary Simulation" at Black Hat…
Read More
Penetration TestingWeb
August 17, 2017

XSS Using Active Directory Automatic Provisioning

We recently tested a web application that had implemented Azure Active Directory automatic provisioning through…
Read More
Penetration Testing
January 30, 2017

Username Discovery

Web App assessments are probably one of the most popular penetration tests performed today. These are…
Read More
Penetration Testing
January 23, 2017

Login Portal Security 101

Web App assessments are probably one of the most popular penetration tests performed today. These are…
Read More
Penetration Testing
January 27, 2016

Throwback Thursday – A Guide to Configuring Throwback

It's not Thursday, but today we're going back to DEF CON 22 where we released…
Read More
Penetration TestingPowerShell
December 28, 2015

The Evolution of Offensive PowerShell Invocation

By now, PowerShell should be in every offensive security person's arsenal. There are a plethora of PowerShell projects now…
Read More
Penetration Testing
December 4, 2015

Malicious Outlook Rules

Occasionally, we come across interesting scenarios that require thinking outside the box. For example: What if…
Read More
Penetration TestingPowerShell
October 2, 2015

Hashdump without the DC using DCSync (because we all wanted it)

Update: It was brought to our attention that we mistakenly forgot to credit a few…
Read More
Exploits
August 12, 2015

Exploiting MS15-076 (CVE-2015-2370)

A few weeks ago (July 14, 2015), Microsoft had a busy patch Tuesday fixing quite a…
Read More