Our Blog

Introduction to WebAssembly

Reading time: ~6 min
I’ve started seeing WebAssembly (WASM) stuff popping up in a few places, most notably Cloudflare’s recent anti-container isolated v8 workload...

(Re)Evaluating Qubes OS as a pentesting platform

Reading time: ~13 min
Intro Laptop hardening is difficult at the best of times, and it’s made worse by the conflicting requirements we have...

Waiting for goDoH

Reading time: ~12 min
or DNS exfiltration over DNS over HTTPS (DoH) with godoh “Exfiltration Over Alternate Protocol” techniques such as using the Domain...

Mallet in the Middle

Reading time: ~19 min
I recently had an assessment reviewing a kiosk application. As I have been working on Mallet recently, this seemed like...

Linux Heap Exploitation Intro Series: Set you free() – part 2

Reading time: ~16 min
Intro Hello there! In this part we are focusing on abusing chunk creation and heap massaging in hope of overwriting...

Efficient HTTP Scripting in the Shell

Reading time: ~8 min
Javier had a simple shell script he posted to our internal chat a few days ago. Its goal was to...

punching messages in the q

Reading time: ~18 min
We’ve done several assessments of late where we needed to (ab)use MQ services. We’ve detailed our experiences and results below....

Mallet, a framework for creating proxies

Reading time: ~17 min
Thanks to IoT and other developments, we’re having to review more and more non-HTTP protocols these days. While the hardware...

Decoding RF Protocols Within GRC

Reading time: ~6 min
I’ve been fascinated by SDR and everything you can do with it for a long time, and from a pentesters...

A new look at null sessions and user enumeration

Reading time: ~23 min
Hello, TLDR; I think I found three new ways to do user enumeration on Windows domain controllers, and I wrote...

Cracking Efficiency Measurements & Common Substring Attack

Reading time: ~5 min
This was an epic week for password cracking; we had lots of new hashes and lots of competition to see...

Linux Heap Exploitation Intro Series: Set you free() – part 1

Reading time: ~15 min
Intro (part 1) Hello and welcome to the final post of our Intro to exploitation series! We have learned the basics...

tip toeing past android 7’s network security configuration

Reading time: ~5 min
In late Jan, someone opened a GitHub issue in the objection repository about Android 7’s Network Security Configuration. The issue...

Fixing up Net-Creds

Reading time: ~6 min
TL;DR: I fixed up net-creds and MITMf to solve the CHALLENGE NOT FOUND bug. A while back on an internal...