Our Blog

Dress Code – The Talk

Reading time: ~33 min
TL;DR: This post is a summary of the contents of my talk at Defcon 31 AppSec Village in August 2023,...

Duo Two-factor Authentication Bypass

Reading time: ~8 min
It’s too easy, when hacking, to assume something is invulnerable and not interrogate it. This was the case for me...

Resurrecting an old AMSI Bypass

Reading time: ~11 min
While working on DoubleAgent as part of the Introduction To Red Teaming course we’re developing for RingZer0, I had a...

Waiting for goDoH

Reading time: ~12 min
or DNS exfiltration over DNS over HTTPS (DoH) with godoh. “Exfiltration Over Alternate Protocol” techniques such as using the Domain...

Recreating certificates using Apostille

Reading time: ~3 min
Sometimes on an engagement, you’d like to construct a believable certificate chain that you have the matching private keys for....

The TRITON Won’t Protect You From Our Punches

Reading time: ~10 min
Whilst on a Red Team assessment back in 2015, we were faced with a tough Data Leak Protection (DLP) and...