Our Blog

Our news

All you need to know

Masquerading Windows processes like a DoubleAgent.

Reading time: ~17 min
I’ve been spending some time building new content for our Introduction to Red Teaming course, which has been great for...

Attacking smart cards in active directory

Reading time: ~9 min
Introduction Recently, I encountered a fully password-less environment. Every employee in this company had their own smart card that they...

Analysis of a 1day (CVE-2019-0547) and discovery of a forgotten condition in the patch (CVE-2019-0726) – Part 1 of 2

Reading time: ~16 min
This post will cover my journey into the analysis of CVE-2019-0547 (Affecting the windows DHCP client), a vulnerability discovered by...

recreating known universal windows password backdoors with Frida

Reading time: ~20 min
tl;dr I have been actively using Frida for little over a year now, but primarily on mobile devices while building...

Abusing GDI Objects for ring0 Primitives Revolution

Reading time: ~21 min
Exploiting MS17-017 EoP Using Color Palettes This post is an accompaniment to the Defcon 25 talk given by Saif. One...

Intercepting passwords with Empire and winning!

Reading time: ~6 min
This is my password,” said the King as he drew his sword. “The light is dawning, the lie broken. Now...