Automation Through Azure DevOps with Bob
Several months ago, our team moved into the realm of automation through the use of Azure DevOps. I would say that evolution is a necessary cycle that occurs,...
Stay in touch!
I would love to be able to keep you up-to-date on all that's going on with us.
Posts by Category
Security
Changeling - A Feature Morphing Creature
There has been a lot of good work over the past several months surrounding the idea of improving payload development and generation for pentests and red team...
Domain Fronting, Beacons, and TLS!
These posts have been too few and far in-between lately. But today I came across something that may save some poor red teamer a little bit of troubleshooting...
Paramiko SSH Authentication Bypass in Nutanix
It’s been a while since I’ve written anything. This post has honestly been queued up for quite a while, but as I was waiting for the vendor to patch the issu...
Resilient Red Team HTTPS Redirection Using Nginx
On a typical red team assessment, a redirector is a crucial part of the infrastructure in use. A redirector is basically a box that sits out on the internet ...
My OSCE Review
About a year ago, I received the most satisfying e-mail I had ever received. It was from Offensive-Security, and it was stating that I had successfully obtai...
SLAE Exam 7 Custom Crypter
Today we’re throwing down the landing gear and finishing up with SLAE! It’s been a great ride and I’ve learned a lot on the journey. With this last assignmen...
SLAE Exam 6 Polymorphic Shellcode
So, I’ve been on a slight hiatus from the SLAE because my lab time for OSCE began right as I was finishing this up. So, I put this on pause to complete that....
SLAE Exam 5 Shellcode Analysis - Part 3
Now, we’re cooking! We previously looked at two MSF payloads, read_file and the staged version of a bind_tcp shell. Now, we will look at one of the most comm...
SLAE Exam 5 Shellcode Analysis - Part 2
I’m about to make up for some lost time! Today we’re moving straight into part two of assignment 5. We’ll be following the same basic analysis process, but i...
SLAE Exam 5 Shellcode Analysis - Part 1
Man, I’ve been slacking. It’s currently 8:45PM, I’m sipping on some sweet Colombian medium-roast coffee, and it’s way too late for that. I’ve gotta get this ...
SLAE Exam 4 Custom Encoder
It’s a good day to be back in the lab. I’m stuck chugging some solid H20 today while taking a look at writing custom encoders for our shellcode. Today we’ll ...
SLAE Exam 3 Egg Hunter Shellcode
I’m flying high right now. No, not because I’ve successfully completed another SLAE assignment. I’m literally flying high, around 30,000 feet, on my way to d...
SLAE Exam 2 TCP Reverse Shell
No coffee tonight. It’s too late for that. It’s not that this assignment took long at all, but there were several things I had to do before I could finish th...
SLAE Exam 1 TCP Bind Shell
The SecurityTube Linux Assembly Expert (SLAE) exam is an open-source format that requires the test taker to blog each answer of the 7-part test. The instruct...
Cisco Prime Collaboration Provisioning RCE
Sometimes, as part of my day job I get to go out and do penetration testing for random places. The past two weeks I’ve been lucky enough to be on my second p...
My OSCP Experience
When I was young, around the age of 12, I thought that becoming a Certified Ethical Hacker was THE goal in life I wanted to accomplish. Ten years pass by and...
Gist
Two Stacks as a Queue
Before starting work each day, I like to set aside some time to warm my brain up by completing a small coding/algorithmic challenge. These challenges are oft...
Custom Domains with SSL for Github Pages
In a previous post, we discussed how to set up a Jekyll-based blog to be hosted using Github Pages. The process is straight-forward, and also free! So, if yo...
How to Set Up a Jekyll Blog
So, you want to start blogging, and you should! Blogging is a great way to relax, share information, and reinforce new topics that you may be learning about....