This is a direct copy of a blog I published for my current organisation. However, I thought I would also host it here to retain it for myself 🙂 Current modern networks are often sprawling with multiple areas of ingress. The growth of remote working and cloud computing has removed traditional boundaries and networks can … Continue reading Building Better Tests: Assumed Breach Testing
MiTM as Service
A number of recent articles and posts around the rise of evil proxy have started to emerge. Evil Proxy is a service based offering allowing "anyone" (providing you pass the bad guy vetting process) access to a web based platform to launch and manage MiTM phishing campaigns. These phishing techniques are not new and have … Continue reading MiTM as Service
XLS 4.0 Macros and Covenant
XLS4.0 And Covenant
HTB – Haystack Writeup
Haystack was a fun easy box over on HTB. Although perhaps only easy if you were at least aware of the tech stack being used on the machine. The initial path to user is perhaps not realistic but a fun mix of steg and research into elasticsearch in order to get credentials. This if then … Continue reading HTB – Haystack Writeup
Netmon
So Netmon was a nice little box, not much digging was required for the first flag thats for sure. Nice little exploit of another network / sysadmin web application these seem to always be quite fun and straightforward as they are often designed to execute code on a server. Anyway on with the box! Kicks … Continue reading Netmon