Our Blog

Introduction to WebAssembly

Reading time: ~6 min
Posted by Dominic White on 14 November 2018
Categories: How-to, Howto, Webassembly
I’ve started seeing WebAssemly (WASM) stuff popping up in a few places, most notably CloudFlare’s recent anti-container isolated v8 workload...

(Re)Evaluating Qubes OS as a pentesting platform

Reading time: ~13 min
Posted by Dane Goodwin on 24 October 2018
Categories: Opsec, Tin-foil-hat
Intro Laptop hardening is difficult at the best of times, and it’s made worse by the conflicting requirements we have...

Waiting for goDoH

Reading time: ~12 min
Posted by Leon Jacobs on 24 October 2018
Categories: Bypass, Command execution, Dns, Experiment, Ioc, Malware, Research, Tools, Tunnelling
or DNS exfiltration over DNS over HTTPS (DoH) with godoh “Exfiltration Over Alternate Protocol” techniques such as using the Domain...

Mallet in the Middle

Reading time: ~19 min
Posted by Rogan Dawes on 10 October 2018
Categories: How-to, Howto, Mitm
I recently had an assessment reviewing a kiosk application. As I have been working on Mallet recently, this seemed like...

Linux Heap Exploitation Intro Series: Set you free() – part 2

Reading time: ~16 min
Posted by Javier Jimenez on 06 September 2018
Categories: Heap, Heap linux, Heap overflow, Apngopt, Exploit, Exploitaion
Intro Hello there! On this part we are focusing on abusing chunk creation and heap massaging in hope of overwriting...

Efficient HTTP Scripting in the Shell

Reading time: ~8 min
Posted by Dominic White on 05 September 2018
Categories: Bash, Curl, Efficiency, Experiment, Shell
Javier had a simple shell script he posted to our internal chat a few days ago. It’s goal was to...

punching messages in the q

Reading time: ~18 min
Posted by Leon Jacobs on 08 June 2018
Categories: Mq, Tools, Detection
We’ve done several assessments of late where we needed to (ab)use MQ services. We’ve detailed our experiences and results below....

Mallet, a framework for creating proxies

Reading time: ~17 min
Posted by Rogan Dawes on 08 June 2018
Categories: Analysis, Build-it, Interception, Mitm, Tools, Tricks
Thanks to IoT and other developments, we’re having to review more and more non-HTTP protocols these days. While the hardware...

Decoding RF Protocols Within GRC

Reading time: ~6 min
Posted by Dane Goodwin on 06 June 2018
Categories: Sdr
I’ve been fascinated by SDR and everything you can do with it for a long time, and from a pentesters...

A new look at null sessions and user enumeration

Reading time: ~23 min
Posted by Reino Mostert on 11 May 2018
Categories: Active directory, Deepdive, Tools
Hello, TLDR; I think I found three new ways to do user enumeration on Windows domain controllers, and I wrote...

Cracking Efficiency Measurements & Common Substring Attack

Reading time: ~5 min
Posted by Dominic White on 19 April 2018
Categories: Cracking
This was an epic week for password cracking, we had lots of new hashes and lots of competition to see...

Linux Heap Exploitation Intro Series: Set you free() – part 1

Reading time: ~15 min
Posted by Javier Jimenez on 15 March 2018
Categories: Exploit, Gdb, Heap, Heap linux, Heap overflow, Apng, Apngopt, Exploitaion
Intro (part 1) Hello and welcome to the final post of our Intro to exploitation series! We have learned the basics...

tip toeing past android 7’s network security configuration

Reading time: ~5 min
Posted by Leon Jacobs on 12 March 2018
Categories: Android, Frida, Research, Tools
In late Jan, someone opened an Github issue in the objection repository about Android 7’s Network Security Configuration. The issue...

Fixing up Net-Creds

Reading time: ~6 min
Posted by Reino Mostert on 20 February 2018
Categories: Tools
TL; DR: I fixed-up net-creds and MITMf to solve the CHALLENGE NOT FOUND bug. A while back on an internal...