Our Blog
Browser Cache Smuggling: the return of the dropper
Reading time:
~8 min
Posted
by aurelien.chalot@orangecyberdefense.com
on
24 March 2025
A year and a half ago I wrote a blog post describing how browsers’ cache system can be abused to...
P4wnP1 LTE updates
Reading time:
~11 min
Posted
by Rogan Dawes
on
27 October 2023
After publishing my blog post about running P4wnP1 on an LTE modem, where I explained how to install Linux and...
Browsers’ cache smuggling
Reading time:
~13 min
Posted
by aurelien.chalot@orangecyberdefense.com
on
10 July 2023
On red team engagements, I often use social engineering to get one of my client’s employees to run my malicious...
P4wnP1-LTE
Reading time:
~12 min
Posted
by Rogan Dawes
on
09 July 2023
I’ve written a couple of blog posts in the past in which I explain how to use Marcus Mengs’ truly...
Abusing Windows’ tokens to compromise Active Directory without touching LSASS
Reading time:
~34 min
Posted
by aurelien.chalot@orangecyberdefense.com
on
27 October 2022
During an internal assessment, I performed an NTLM relay and ended up owning the NT AUTHORITY\SYSTEM account of the Windows...
Avoiding detection via DHCP options
Reading time:
~5 min
Posted
by Rogan Dawes
on
20 July 2020
When conducting a red team exercise, we want to blend in as much as possible with the existing systems on...
Making the Perfect Red Team Dropbox (Part 2)
Reading time:
~18 min
Posted
by Rogan Dawes
on
09 July 2020
In part 1 of this series, we set up the NanoPi R1S as a USB attack tool, covering OS installation,...
Making the Perfect Red Team Dropbox (Part 1)
Reading time:
~11 min
Posted
by Rogan Dawes
on
18 May 2020
As part of our preparations for our upcoming RingZer0 “Q Division” Training, I have been working on making a software...
Obtaining shells via Logitech Unifying Dongles
Reading time:
~11 min
Posted
by Rogan Dawes
on
02 December 2019
In this post, I will recap some of the security research conducted on wireless keyboards and mice, and eventually show...