Our Blog

Our news

All you need to know

Mallet, a framework for creating proxies

Reading time: ~17 min
Thanks to IoT and other developments, we’re having to review more and more non-HTTP protocols these days. While the hardware...

Recreating certificates using Apostille

Reading time: ~3 min
Sometimes on an engagement, you’d like to construct a believable certificate chain, that you have the matching private keys for....

Something about sudo, Kingcope and re-inventing the wheel

Reading time: ~5 min
Willems and I are currently on an internal assessment and have popped a couple hundred (thousand?) RHEL machines, which was...

Client Side Fingerprinting in Prep for SE

Reading time: ~3 min
On a recent engagement, we were tasked with trying to gain access to the network via a phishing attack (specifically...

Skype Passive IP Disclosure Vulnerability

Reading time: ~2 min
When performing spear phishing attacks, the more information you have at your disposal, the better. One tactic we thought useful...

Decrypting Symantec BackupExec passwords

Reading time: ~1 min
BackupExec agent is often among common services found on the internal pen tests. The agent software stores an encrypted “logon...